1 / 15

How to Make E-cash with Non-Repudiation and Anonymity

How to Make E-cash with Non-Repudiation and Anonymity. Authors: Ronggong Song and Larry Korba Source: Information Technology: Coding and Computing, 2004. Proceedings of International Conference on ITCC 2004, Vol. 2, 2004, pp.167-172 Presenter: Jung-wen Lo ( 駱榮問 ) Date: 2004/09/23.

dusty
Download Presentation

How to Make E-cash with Non-Repudiation and Anonymity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. How to Make E-cash with Non-Repudiation and Anonymity Authors: Ronggong Song and Larry Korba Source: Information Technology: Coding and Computing, 2004. Proceedings of International Conference on ITCC 2004, Vol. 2, 2004, pp.167-172 Presenter: Jung-wen Lo (駱榮問) Date: 2004/09/23

  2. Outline • Introduction • Motivation • Abe-Fujisaki’s protocol • The proposed scheme • Architecture • Protocol • E-cash Issue • On-line shopping • E-cash renew • Protocol Characteristics • Analysis • Conclusions • Comment

  3. Introduction • Chaum: Blind signature (1982) • Authenticity • Integrity • Nonrepuditation • Blind to signer • May not be traced by the signer after the signature is revealed • E_cash • Easily duplicate => Double-spending • Bank implement double-spending checking => Lack of nonrepudiaion

  4. Introduction-Online e-cash payment system 2. Deduct BankDatabse 1. Withdraw 6. Deposit Bank 3. E_Cash 5. Deposit Customer 4. Pay E_Cash • ※ Electronic cash scheme: • Untraceable: D. Chaum, 1990 • Partially blind signature: Abe-Fujisaki, 1996 e-store

  5. Abe-Fujisaki’s protocol Stage Customer Bank Payee ※v: predefined by bank contains expired date PK: (e, n)PV: (d, p, q) Initial random r, m, vα=revH(m) mod n Withdraw α,v chk v format dv=(ev)-1modΦ(n) β=αdv mod n Deduct β Unblind s=r-1β mod n (m,s) Deposit sev?≡H(m) mod n sev=(r-1β)ev=(r-1α(ev)-1)ev=r-ev(revH(m))(ev)-1(ev)=H(m) (m, s) Verify as Payee Deposit

  6. Architecture of the new e-cash system

  7. New e-cash protocol(E-cash Issue) Stage Customer(A) Bank(B) PK: (eA, nA),PV: (dA, pA, qA) Initial PK: (eb, nb), PV: (db, pb, qb) ※v : Expired date, Money amount, … Temp. PK: (et, nt)Temp. PV: (dt, pt, qt) random r, vα=rebvH(et||nt) mod nb E-cash Issue(Withdraw) SignA= (H(IDA,AccountA,PKA,α,v,TimeA))dA mod nA (IDA,AccountA,PKA,α,v,TimeA),SignA chk v format dv=(ebv)-1 β=αdv mod nb SignB=(H(IDA,IDB,β,TimeB))db mod nA (IDA,IDB,β,TimeB),SignB Check TimeB & SignBs=r-1β mod nb Unblind ※e-cash: (et,nt,v,s)

  8. New e-cash protocol (Online Shopping) MerchanteStore(ES) Stage Customer(A) Bank(B) Signt= (H(Cost,AccountES,et,nt,v,s,TimeA)|| H(E-goods))dt mod nA Shopping E-goods,(Cost,AccountES,et,nt,v,s,TimeA),Signt (Deposit) Verify Cost,AccountES,TimeA,Signtsebv?≡H(et||nt) mod nbEMD=H(E-goods) (Cost,AccountES,et,nt,v,s,TimeA),Signt,EMD Verify AccountES,TimeA,Signts’ =H(et,nt,v,s,RM)db mod nbSignB=(H(ReceiptES,et,nt,v,s,RM,s’,TimeB))db mod nb (ReceiptES,et,nt,v,s,RM,s’,TimeB),SignB Verify all messagesSignES=(H(License,ReceiptA,et,nt,v,s,RM,s’,TimeES))dES mod nES (License,ReceiptA,et,nt,v,s,RM,s’,TimeES),SignES ※EMD : E-goods message digestRM: Remainder e-cash

  9. The digital e-cash The remainder digital e-cash E-cash Renew

  10. New e-cash protocol (E-cash Renew) Customer(A) Stage Bank(B) Renew Choose new et’,nt’,dt’Signt= (H(α,v,et’,nt’,v’,s’,Timet))dt mod ntα’=rebv’H(et’||nt’) mod nb (α’,v,et’,nt’,v’,s’,TimeA),Signt Verify messages dv=(ebv’ )-1 β=(α’)dv mod nbSignB= (H(et’,nt’,v’,s’,β,TimeB))db mod nb (et’,nt’,v’,s’,β,TimeB),SignB s’=r-1β mod nb

  11. Protocol Characteristics • Strong privacy protection • Bank and merchant cannot determine buyer • Non-repudiation • All message are signed • Strong safety protection • Only authorize e-cash owner can use the e-cash

  12. Analysis • Anonymity analysis • Partial blind signature • Anonymous temporary public key • Non-repudiation analysis • E-cash issue • The message is signed with the customer’s certificate • Online shopping • The messages are signed with the private key of the e-cash

  13. Analysis • Security analysis • Passive attacks • Transmiting messages are protected with SSL security channel • Bank cannot determine who holds the temporary public key • Active attacks • Replay attack: Time stamp “Time” • Modification attack: Verify signature “Sign”

  14. Conclusions • Strong privacy protection • Non-repudiation services • Against denying, double-spending, losting, misusing and stealing of the e-cash • Could be implmented with XML and SSL security channel

  15. Comments • Bank should verify s and v in on-line shoping stage • How to use remainder money? • Bank records e-cahs (et,nt,v,s) and remainder e-cash RM • Future work • Implemented in public network? • Without CA?

More Related