400 likes | 630 Views
Digital Cash. Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?. A payment message bearing a digital signature which functions as a medium of exchange or store of value Need to be backed by a trusted third party, usually the government and the banking industry. Key Properties. Secure
E N D
Digital Cash Present By Kevin, Hiren, Amit, Kai
What is Digital Cash? • A payment message bearing a digital signature which functions as a medium of exchange or store of value • Need to be backed by a trusted third party, usually the government and the banking industry.
Key Properties • Secure • Anonymous • Portable • Reusable • User-friendly
Link with other banks Bank Withdraw Coins Deposit Coins Payment Merchant User The Online Model • Structure Overview
Pros and Cons of the online scheme • Pros • Provides fully anonymous and untraceable digital cash. • No double spending problems. • Don't require additional secure hardware – cheaper to implement. • Cons • Communications overhead between merchant and the bank. • Huge database of coin records. • Difficult to scale, need synchronization between bank servers. • Coins are not reusable
The Offline Model • Structure Overview Bank Others T.R.D. Temper-resistant device Merchant User
Pros and Cons of the offline model • Advantages • Off-line scheme • User is fully anonymous unless double spend • Bank can detect double spender • Banks don’t need to synchronize database in each transaction. • Coins could be reusable • Reduced the size of the coin database. • Disadvantages • Might not prevent double spending immediately • More expensive to implement
Merchant Customer Bank send m (m)d spend (m)d send (m)d verify Traceable Signature Protocol m message m = amount, serial no (m)d d is secret key of the Bank
message Blind Signatures • Add a blinding factor b • r = (m)be • rd = (mbe)d • Bank could keep a record of r • Remove blinding factor • (mbe)d = (m)dbed • b-1md
Random Serial Number Random Serial Number m1 mk , …, Untraceable Digital Cash • Create k items of m m1 = (…, amount, serial number) mk = (…, amount, serial number)
m1b1e mkbke , …, Bank Untraceable Digital Cash • Create blinding factors:b1e,…, bke • Blind the units - m1b1e, …, mk bke • Send to bank for signing
i Untraceable Digital Cash • Bank chooses k –1 to check • Customer gives all blinding factors except for unit i • Bank checks they are correct
Customer Serial no Untraceable Digital Cash • Bank signs the remaining one and sends it back – (mibei)d = midbi • The customer removes the blind using bi-1 mid
Problem! • When the merchant receives the coin, it still has to be verified • The merchant has to have a connection with the bank at the time of sale • This protocol is anonymous but not portable
Secret Splitting • A method that splits the user ID in to n parts • Each part on its own is useless but when combined will reveal the user ID • Each user ID is XOR with a one time Pad, R
Cont… • E.g. User ID = 2510, R = 1500: • 2510 XOR 1500 = 3090 • The user ID can now be split into 2 parts, I.e. 1500 and 3090 • On their own they are useless but when XOR will reveal the user ID • I.e 1500 XOR 3090 = 2510
User ID: 1500 3090 4545 6159 5878 7992 A Typical Coin • Header Information • Serial number • Transaction Item – pairs of user ID’s
User ID: 1500 XOR 3090 =2510 4545 XOR 6159 =2510 5878 XOR 7992 =2510 A Typical Coin • Header Information • Serial number • Transaction Item – pairs of user ID’s User ID
User ID: 0 3090 4545 6159 5878 7992 Blanking Randomly blank one side of each identity pair
User ID: 0 3090 4545 0 5878 7992 Blanking Randomly blank one side of each identity pair
User ID: 0 3090 4545 0 5878 0 The coin is now spent You can no longer tell who owns the coin • Merchant would now deposit this coin into the bank
The coin is copied and spent at another merchant • Before the user spent the coin the first time, the user made a copy of it • User ID: 1500 0 4545 0 0 7992 • Merchant would now deposit this coin into the bank
Original Coin User ID: 0 3090 4545 0 5878 0 Duplicate Coin User ID: 1500 0 4545 0 0 7992 How can we catch the user? This is what is in the bank
Original Coin User ID: 0 3090 4545 0 5878 0 Duplicate Coin User ID: 1500 0 4545 0 0 7992 3090 XOR 1500 = 2510 5878 XOR 7992 = 2510 User ID How can we catch the user? This is what is in the bank
Probability of catching the culprit • Depends on the number of the identity strings used • Probability of catching a user is: • 1 - ½n , where n is the number of identity strings E.g. n = 5, the probability of catching a user is: 0.97
Reusability • Once the coin has been spent the merchant has to deposit it to the bank • Therefore, coin can only be spent once • Convenience, ability to give change, unnecessary transactions between bank and merchant • Banks database size – less serial numbers • Solution – Add the new User ID to the coin
Setup ID=HIREN ID=AMIT ID=KEVIN
Coins • Users Coin • User ID: A MIT AM IT AMI T
Amit spends his coin at Hirens shop The coin will now look like this: User ID: A 0 0 IT AMI 0 HI REN HIR EN H IREN Amit no longer owns the coin, it is bounded to Hiren
Hiren can now go and spend his coin at Kevin's shop The coin looks like this: User ID: A 0 0 IT AMI 0 HI REN HIR EN H IREN
Hiren can now go and spend his coin at Kevin's shop The coin will now look like this: User ID: A 0 0 IT AMI 0 0 REN 0 EN H 0 KE VIN K EVIN KEV IN
Size Matters! • Coin m = (Serial num, denomination, Transaction list (transactions * user ID), Other Header info) • Limit size by Validity Period and/or max Transactions
£4 £2 £2 £2 £2 £1 £1 £1 £1 £1 £1 £1 £1 Other proposals • What if you what buy something that costs £4.99 and you have £5 coin? • Would have a ‘file’ for every coin
Sender Signer Signing protocol Un-linkable Message-signature pair View of protocol Judge Fair Blind Signatures • Possible solution to undetectable money laundering or ransom demands
Conclusion • Feasible from a purely technological perspective • Anonymous is at the heart of the government's attack • Cannot attract funding
Advantages: • Convenience • Secure • Handling costs • Time saving • Transaction Costs
Global Disadvantages • Safety Issue • Physical Securities • Users Issue • Legal problems