1 / 18

Recoverable and Untraceable E-Cash

Recoverable and Untraceable E-Cash. Dr. Joseph K. Liu The Chinese University of HongKong. Outline. Introduction of E-cash Our Proposed Recoverable and Untraceable E-Cash Concept Construction Extension Conclusion. Electronic Cash. Digital Analogy of paper cash

marilu
Download Presentation

Recoverable and Untraceable E-Cash

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong

  2. Outline • Introduction of E-cash • Our Proposed Recoverable and Untraceable E-Cash • Concept • Construction • Extension • Conclusion

  3. Electronic Cash • Digital Analogy of paper cash • According to [1], ideal e-cash has 6 main properties: • Independence • Security • Privacy • Off-line payment • Transferability • Divisibility • [1] Tatsuaki Okamoto and Kazuo Ohta. “Universal electronic cash”. In J. Feigenbaum, editor, Advances in Cryptology – CRYPTO ’91, Lecture Notes in Computer Science, pages 324-337. Springer-Verlag, 1992.

  4. Electronic Cash • Advantages of Electronic Cash over other kinds of payment systems: • Privacy • Off-line payment • Suitable for Small Amount Payment • Examples of Electronic Cash System: • Mondex • Octopus Card

  5. A New Recoverable and Untraceable Electronic Cash • Recoverability and untraceability are two conflicting properties! • Most of the e-cash papers only focus on the 6 main properties. • We propose a new scheme that can support recoverabilityand untraceability.

  6. A New Recoverable and Untraceable Electronic Cash • The Basic Idea – we use an indirect method: • How much e-cash lost • =How much e-cash withdraw • – how much e-cash spent • If we give up untraceability, it is easy! • In our system, we append an additional number to each e-coin. This number gives no information about the identity of the user.

  7. A New Recoverable and Untraceable Electronic Cash • Our system is motivated from S. Brand’s Single Term E-Cash [2] protocol. • Brief introduction of his protocol: • Setup of the System • Bank B, Customer U and Shop S. • [2] S. Brands. Untraceable off-line cash in wallet with observers. In Advances in Cryptology – CRYPTO ’93, Lecture Notes in Computer Science, pages 302-318. Springer-Verlag, 1993.

  8. A New Recoverable and Untraceable Electronic Cash • The Withdrawal Protocol • After withdrawing e-cash from the bank, U obtains {A, B, sign(A, B)} as the coin. • The Payment Protocol • S sends a challenge to U. • U computes the responses {r1, r2} and sends them back to U together with the coin {A, B, sign(A, B)} . • S checks the responses and the coins. Accept it if both are valid.

  9. A New Recoverable and Untraceable Electronic Cash • The Deposit Protocol • S sends the coin {A, B, sign(A, B)} ,the responses {r1, r2} and the date/time of the transactions to the B after some time. • B checks whether this coin has been deposited before. • If not, accept it. Otherwise, B uses the information provided by S to find out the identity of the double-spent user.

  10. A New Recoverable and Untraceable Electronic Cash • The Proposed Protocol: • The Withdrawal Protocol • There are 4 parties: Bank, Customer Alice, Shop and the Trusted Third Party (TTP). • After withdraws coins from the bank, Alice goes to the TTP to get an additional number, xi, for 1 <= i <= n, for each coin. This additional number has the following properties: • H(x1) = H(x2) = H(x3) ….. = H(xn) = y

  11. A New Recoverable and Untraceable Electronic Cash • The TTP maintains a list that records down all the serial number of the coins. If the coin is in the list, terminate the process. • The TTP checks the signature on the coin. If valid, it gives another signature, such that • Sc = SignTTP{ A, B, Sign(A, B), xi } • Now the coin contains the following: • { A, B, Sign(A, B), xi, Sc }

  12. A New Recoverable and Untraceable Electronic Cash • The TTP gives another signature on y and n. Let Sb = SignTTP{ y, n }.Sb will be given to Alice. Alice should keep {Sb , y, n} in a safe place. • The Payment Protocol • The basic payment protocol based on S. Brand’s protocol. • The shop checks also the signature of the TTP. • The shop hashes the xi of the coin to produce its hash value and checks whether the coin is in the blacklist .

  13. A New Recoverable and Untraceable Electronic Cash • The Deposit Protocol • The basic deposit protocol based on S. Brand’s protocol. • The bank hashes the xi of the coin to produce its hash value and checks whether the coin is in the blacklist . • The Recovery Protocol • If Alice has lost her remaining coins, she has to do the following:

  14. A New Recoverable and Untraceable Electronic Cash • She has to reveal her identity to the bank and present the back-up number { Sb , y, n } to the bank. • The bank checks the signature ofSbon{y, n}. • It looks up its database to find out all the coins with their hashed values of xi are equal to y. These coins are those Alice has already spent. • Finally the bank can calculate the difference D between the total amount Alice has withdrawn and the total amount she has spent.

  15. A New Recoverable and Untraceable Electronic Cash • In order to prevent Alice pretend losing the coins but in fact she does not, the following steps must be taken immediately: • The bank adds the number y to the blacklist and broadcast it to all the shops. • The shop adds this y to the blacklist.

  16. A New Recoverable and Untraceable Electronic Cash • Security Analysis • Conditional Untraceability • If Alice does not re-claim her lost e-coin, her anonymity is preserved. (Untraceable) • If Alice re-claims her lost e-coin, she has to give up her anonymity.

  17. A New Recoverable and Untraceable Electronic Cash • Extension • Customers can choose whether to “buy” the recoverable service or not. • Pre-calculate the hash value: the TTP can produce many groups of xi, j such that • H(x1,j) = H(x2,j) = H(x3,j) ….. = H(xn,j) = yj

  18. Conclusion • We propose a new e-cash system with Recoverability and Untraceability • We believe it can provide more convenience to users • Make e-cash more popular

More Related