how to make e-cash with non-repudiation and anonymity
DESCRIPTION
How to Make E-cash with Non-Repudiation and Anonymity. Ronggong Song, Larry Korba Proceedings of the International Conference on Information Technology: Coding and Computing Vol. 2, Apr. 2004, pp. 167-172. Adviser: Dr. Min-Shiang Hwang Speaker: 鍾松剛. Bank. The Motivations. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/1.jpg)
2004-12-22 1
How to Make E-cash with Non-Repudiation and Anonymity
Ronggong Song, Larry KorbaProceedings of the International Conference on Information Technology:
Coding and ComputingVol. 2, Apr. 2004,
pp. 167-172
Adviser: Dr. Min-Shiang Hwang Speaker: 鍾松剛
![Page 2: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/2.jpg)
2004-12-22 2
The Motivations
E-Cash: Easy duplicated Bank needs to implement double-spending checking
Double-spending checking does not provide a non-repudiation service Non-repudiation service needs a signature Signature violates the anonymous of e-cash
Bank
Thief
?!
?!
![Page 3: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/3.jpg)
2004-12-22 3
Partial Blind Digital Signature
M. Abe and E. Fujisaki, “How to Date Blind Signatures”,
Advances in Cryptology--ASIACRYPT '96, pp. 244-251 Allows a signer to sign a partially blinded message that
include pre-agreed information such as expiry date or
collateral conditions in unblinded form.
Designed to protect the bank’s database from growing
without limits Expired e-cash can be removed
![Page 4: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/4.jpg)
2004-12-22 4
Example: Partial blind digital signature
Alice Bankv is a predefined message by the bankand contains an expiration date
Randomly choose m, r in Z*n
Compute α≡revH(m) mod n α,vVerify the correctness of vCompute t≡ α(ev)-1 mod n ≡ r H(m)(ev)-1 mod nDeduct w dollars
t
Compute s≡r -1t mod n ≡H(m)(ev)-1 mod ne-cash (m, s, v)
Deposit
(m, s, v)
Verify v sev≡H(m) mod n
(m, s, v)VerifyAdd w dollars to payee’s account
Merchant
e, d
![Page 5: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/5.jpg)
2004-12-22 5
Architecture
AliceBank
CA
Merchant
![Page 6: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/6.jpg)
2004-12-22 6
Protocol’s Sketch Map
Alice
Bank
(buy e-cash)
(temporal PK)Blind_sign
(temporal PK)Blind_sign Deducts w dollars
(e-cash)temporal SK verify … verify
Reply(license)SK_M
Merchant
e-cash
Useless
![Page 7: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/7.jpg)
2004-12-22 7
E-cash Issue ProtocolAlice
IDA, AccountA, PKA, α, v, TimeA, SignA
IDA, IDP, β, TimeB, SignB
PKT = (et, nt)SKT = (dt, pt, qt)
α≡rebv H(et||nt) mod nb
SignA = [H(IDA, AccountA, PKA, α, v, TimeA)]dA mod nA
eb, db
Verify AccountA, TimeA, SignA, v
eA, dA
β = α(ebv)-1 mod nb
= r H(et||nt)(epv)-1
SignB = [H(IDA, IDB, β, TimeB)]db mod nb
Debit $$ from AccountA
Verify TimeB, SignB
s≡r -1 β mod nb
e-cash (et, nt, v, s)
et, nt
Expiration dateBalanceSignB
Bank
dd/mm/yyyy
$xxx.xx
v’s format
![Page 8: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/8.jpg)
2004-12-22 8
On-line Shopping ProtocolAlice
e-goods, Cost, AccountM, e-cash, TimeA, Signt
ReceiptM, e-cash, RM, s’, TimeB, SignB
PKT = (et, nt)SKT = (dt, pt, qt)
s=H(et||nt)(epv) -1
e-cash (et, nt, v, s)Select e-goodsSignt = [H(Cost, AccountM, e-cash, TimeA) || H(e-goods)]dt mod nt
eP, dP
Verify
s’ = [H(et, nt, v, s, RM)]db mod nb
SignB = [H(ReceiptM, e-cash, RM, s’, TimeB)]db mod nb
e-cash (et, nt, v, s, RM, s’)
Merchant Bank
VerifyEMD=h(e-goods)
Cost, AccountM, e-cash, TimeA, EMD, Signt
Verify SignM = [H(License, ReceiptA, e-cash, RM, s’, TimeM)]dM mod nMLicense, ReceiptA, e-cash, RM, s’, TimeM, SignM
![Page 9: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/9.jpg)
2004-12-22 9
E-cash Renew ProtocolAlice
α, v, et, nt, v’, s’, Timet Signt
Fill a new e-cash form v’α≡rebv’ H(et||nt) mod nb
Signt = [ h(α, v, et, nt, v’, s’, Timet) ]dt mod nt
eb, db
Verify
eA, dA
β = α(ebv ’)-1 mod nb
= r H(et||nt)(epv ’)-1
SignB = [H(et, nt, v’, s’, β, TimeB)]db mod nb
Verify TimeB, SignB
s’’≡r -1 β mod nb
e-cash (et, nt, v’, s’’)
Bank
dd/mm/yyyy
$xxx.xx
v’s formats’ = [H(et, nt, v, s, RM)]db mod nb
et, nt, v’, s’, β, TimeB SignB
![Page 10: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/10.jpg)
2004-12-22 10
Protocol Characteristics
Strong privacy protection A anonymous temporary public key is embedded into t
he partial blind signature Unlinkability: no one can determine the customer The format and content of message v are same with ot
her e-cashes. Non-repudiation
Signature is useful if there is a dispute later Strong safety protection
Other person cannot spend the e-cash without the private key
![Page 11: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/11.jpg)
2004-12-22 11
Security Analysis
Passive attacks All messages are protected with the SSL security
channels Active attacks
Replay attacks Can be defeated by time stamp
Modification attacks Can be defeated by signature
![Page 12: How to Make E-cash with Non-Repudiation and Anonymity](https://reader036.vdocuments.pub/reader036/viewer/2022082711/56813221550346895d98813b/html5/thumbnails/12.jpg)
2004-12-22 12
Conclusion
Customer
Bank
Merchant
Denying
Double-spending
Losing
misusing
stealing