
DigitalCash RK

Digital cash refers to payment messages digitally signed by a trusted third party like a bank. It aims to be secure, anonymous, portable, reusable, and user-friendly. While credit cards are identified, digital cash can be used anonymously either online by storing value in a digital wallet, or offline. Desired properties of digital cash include security against forgery, privacy through untraceability, transferability without banks, divisibility into smaller denominations, and independence from devices or locations. Online models provide full anonymity but have scaling issues, while offline models use techniques like secret splitting and blind signatures to enable untraceable anonymous payments without an online connection.

Uploaded by

sanjivkinker
Copyright
© Attribution Non-Commercial (BY-NC)

Digital Cash

What is Digital Cash?


- A payment message bearing a digital signature which functions as a medium of exchange or store of value.
- Needs to be backed by a trusted third party, usually the government and the banking industry.

Key Properties
- Secure
- Anonymous
- Portable
- Reusable
- User-friendly

Digital Cash vs Credit Card


Digital cash:
- Anonymous
- Online or off-line
- Store money in digital wallet

Credit card:
- Identified
- Online
- Money is in the bank

However, credit cards are not digital cash, because they fail to meet some essential requirements for digital cash.

Three parties in digital cash: a customer, a merchant, and the bank.

Desired security requirements for digital cash:
- Security: The digital cash cannot be forged and/or reused by a user illegally.
- Privacy (Untraceability): Nobody, including the bank, can reveal the relationship between the identities of customers and the digital cash. It includes both unlinkability and anonymity.
- Transferability: Digital cash can be transferred between customers without the help of the bank.
- Off-Line Payment: To verify the validity of e-cash, a user does not need to query the bank.
- Divisibility: A user can subdivide a piece of e-cash into smaller pieces of e-cash in small denominations.
- Independence: The use of e-cash does not rely on any physical locations and/or special devices.

On-Line Digital Cash


- First scheme: The bank signs a standard signature as digital cash.
- Second scheme: Using blind signatures to get the digital cash from the bank. A blind signature scheme allows a signature requestor to get the signer's digital signature without revealing the signed message to the signer.

On-Line Digital Cash

The Online Model


Structure Overview
[Diagram: Bank (link with other banks), User and Merchant, with flows labelled Withdraw Coins, Payment and Deposit Coins]

Pros and Cons of the online scheme


Pros
- Provides fully anonymous and untraceable digital cash.
- No double spending problems.
- Doesn't require additional secure hardware, so it is cheaper to implement.

Cons
- Communications overhead between merchant and the bank.
- Huge database of coin records.
- Difficult to scale; needs synchronization between bank servers.
- Coins are not reusable.

The Offline Model


Structure Overview
[Diagram: Bank, Others, T.R.D. (tamper-resistant device), User and Merchant]

Off-Line Digital Cash


- A trusted party is needed. It could be a tamper-resistant device (TRD).
- The basic idea: using a secret splitting technique to escrow the user's identity.

Pros and Cons of the offline model


Advantages
- Off-line scheme
- User is fully anonymous unless they double spend
- Bank can detect a double spender
- Banks don't need to synchronize the database in each transaction
- Coins could be reusable
- Reduces the size of the coin database

Disadvantages
- Might not prevent double spending immediately
- More expensive to implement

Traceable Signature Protocol


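Parties: Customer, Merchant, Bank. $d$ is the secret key of the Bank.
- Customer sends the message $m$ = (amount, serial no) to the Bank.
- Bank signs it and sends $m^d$ to the Customer.
- Customer spends $m^d$ at the Merchant.
- Merchant sends $m^d$ to the Bank to verify.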

Blind Signatures
- Message: $m$
- Add a blinding factor $b$: $r = m b^e$
- The bank signs: $r^d = (m b^e)^d$
- Bank could keep a record of $r$
- Remove the blinding factor: $(m b^e)^d = m^d b^{ed} = m^d b$, and multiplying by $b^{-1}$ gives $m^d$

Untraceable Digital Cash


Create $k$ items of $m$, each with its own random serial number:

$m_1 = (\ldots, \text{amount}, \text{serial number}), \ldots, m_k = (\ldots, \text{amount}, \text{serial number})$

Untraceable Digital Cash


- Create blinding factors: $b_1^e, \ldots, b_k^e$
- Blind the units: $m_1 b_1^e, \ldots, m_k b_k^e$
- Send to the bank for signing

Untraceable Digital Cash


- Bank chooses $k - 1$ to check
- Customer gives all blinding factors except for unit $i$
- Bank checks they are correct
- Bank signs the remaining one and sends it back to the customer: $(m_i b_i^e)^d = m_i^d b_i$
- The customer removes the blind using $b_i^{-1}$, leaving $m_i^d$
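The withdrawal described in the slides above (k blinded units, the bank opens k - 1 and signs the remaining one blind), as an added Python example that is not part of the original deck. The toy key, the packing of (amount, serial number) into one integer and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy key for the bank: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # d, the bank's secret key

def make_unit(amount):
    """m = (amount, random serial number), packed into one integer below N."""
    return (amount << 64) | secrets.randbits(64)

def blind(m):
    """Customer: return (r, b) with r = m * b^e mod N for a random invertible b."""
    while True:
        b = secrets.randbelow(N - 2) + 2
        if math.gcd(b, N) == 1:
            return (m * pow(b, E, N)) % N, b

def bank_sign(blinded, amount, reveal):
    """Bank: pick unit i to stay blind, open the other k-1, then sign unit i.
    reveal(i) is the customer's answer: {j: b_j} for every j != i."""
    i = secrets.randbelow(len(blinded))
    factors = reveal(i)
    for j, r in enumerate(blinded):
        if j == i:
            continue
        m_j = (r * pow(pow(factors[j], E, N), -1, N)) % N  # strip b_j^e
        if m_j >> 64 != amount:
            raise ValueError(f"unit {j} does not carry amount {amount}")
    return i, pow(blinded[i], D, N)  # (m_i b_i^e)^d = m_i^d * b_i

def unblind(signed, b):
    """Customer: multiply by b^-1 to leave m^d."""
    return (signed * pow(b, -1, N)) % N

def verify(m, sig):
    """Anyone holding the bank's public key (N, E): sig^e must equal m."""
    return pow(sig, E, N) == m

def withdraw(amount, k=5):
    """Customer side of a withdrawal; returns (m_i, signature, r_i as seen by the bank)."""
    units = [make_unit(amount) for _ in range(k)]
    pairs = [blind(m) for m in units]
    blinded = [r for r, _ in pairs]
    reveal = lambda i: {j: b for j, (_, b) in enumerate(pairs) if j != i}
    i, signed = bank_sign(blinded, amount, reveal)
    return units[i], unblind(signed, pairs[i][1]), blinded[i]
```

The bank only ever records the blinded value r_i, which it cannot link to the coin (m_i, m_i^d) that is later deposited.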

Problem!
- When the merchant receives the coin, it still has to be verified
- The merchant has to have a connection with the bank at the time of sale
- This protocol is anonymous but not portable

How to make it off-line

Secret Splitting
- A method that splits the user ID into n parts
- Each part on its own is useless, but when combined they reveal the user ID
- Each user ID is XORed with a one-time pad, R

E.g. User ID = 2510, R = 1500:
- 2510 XOR 1500 = 3090
- The user ID can now be split into 2 parts, i.e. 1500 and 3090
- On their own they are useless, but when XORed they reveal the user ID, i.e. 1500 XOR 3090 = 2510

A Typical Coin
- Header information
- Serial number
- Transaction item: pairs of user IDs

User ID:
1500    3090
4545    6159
5878    7992

Each pair XORs to the user ID:
1500 XOR 3090 = 2510
4545 XOR 6159 = 2510
5878 XOR 7992 = 2510
User ID

Blanking
Randomly blank one side of each identity pair

User ID (first pair blanked):
0       3090
4545    6159
5878    7992

User ID (second pair blanked):
0       3090
4545    0
5878    7992

The coin is now spent
You can no longer tell who owns the coin

User ID:
0       3090
4545    0
5878    0

Merchant would now deposit this coin into the bank

The coin is copied and spent at another merchant


Before the user spent the coin the first time, the user made a copy of it

User ID:
1500    0
4545    0
0       7992

Merchant would now deposit this coin into the bank

How can we catch the user?

This is what is in the bank

Original coin, User ID:
0       3090
4545    0
5878    0

Duplicate coin, User ID:
1500    0
4545    0
0       7992

Combining the halves from the two coins reveals the user ID:
3090 XOR 1500 = 2510
5878 XOR 7992 = 2510

Probability of catching the culprit


- Depends on the number of identity strings used
- Probability of catching a user is $1 - (1/2)^n$, where n is the number of identity strings
- E.g. n = 5, the probability of catching a user is 0.97
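The secret-splitting coin, the blanking step and the bank's double-spend check from the slides above, as an added Python example that is not part of the original deck. Function names and the `keep` parameter are assumptions; the sample coin uses the numbers from the slides.

```python
import secrets

def make_coin(user_id, n, bits=16):
    """Build n identity pairs (R, user_id XOR R), each with a fresh one-time pad R."""
    pairs = []
    for _ in range(n):
        pad = secrets.randbits(bits)
        pairs.append((pad, user_id ^ pad))
    return pairs

def spend(pairs, keep=None):
    """Blank one half of every pair. keep[i] is 0 to keep the left half, 1 for the
    right; chosen at random when not given. None marks a blanked half (the slides
    print 0), so a real half that happens to be 0 is not mistaken for a blank."""
    if keep is None:
        keep = [secrets.randbelow(2) for _ in pairs]
    return [(l, None) if k == 0 else (None, r) for (l, r), k in zip(pairs, keep)]

def bank_identify(deposit_a, deposit_b):
    """Bank: two deposits carrying the same serial number. Any pair whose opposite
    halves survive across the two deposits XORs back to the user ID."""
    for (l1, r1), (l2, r2) in zip(deposit_a, deposit_b):
        if l1 is not None and r2 is not None:
            return l1 ^ r2
        if r1 is not None and l2 is not None:
            return r1 ^ l2
    return None  # identical blanking in every pair: the double spender escapes

def catch_probability(n):
    """The second blanking matches the first in all n pairs with probability (1/2)^n."""
    return 1 - 0.5 ** n

# The coin from the slides: user ID 2510 split three ways.
SLIDE_COIN = [(1500, 3090), (4545, 6159), (5878, 7992)]
ORIGINAL = spend(SLIDE_COIN, keep=[1, 0, 0])   # halves 3090, 4545, 5878 survive
DUPLICATE = spend(SLIDE_COIN, keep=[0, 0, 1])  # halves 1500, 4545, 7992 survive
```

A single deposit on its own reveals nothing: every surviving half is either a random pad or the ID masked by one.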

Reusability
- Once the coin has been spent, the merchant has to deposit it to the bank
- Therefore, a coin can only be spent once
- Convenience, ability to give change, unnecessary transactions between bank and merchant
- Bank's database size: fewer serial numbers
- Solution: add the new User ID to the coin

Setup

Three users: ID=HIREN, ID=AMIT, ID=KEVIN

Coins
User's coin (Amit), User ID:
A       MIT
AM      IT
AMI     T

Amit spends his coin at Hiren's shop

The coin will now look like this:
User ID:
A       0
0       IT
AMI     0
HI      REN
HIR     EN
H       IREN

Amit no longer owns the coin; it is bound to Hiren

Hiren can now go and spend his coin at Kevin's shop

The coin will now look like this:
User ID:
A       0
0       IT
AMI     0
0       REN
0       EN
H       0
KE      VIN
K       EVIN
KEV     IN

Size Matters!

- Coin m = (Serial num, denomination, Transaction list (transactions * user ID), Other Header info)
- Limit size by Validity Period and/or max Transactions

Other proposals

- What if you want to buy something that costs 4.99 and you have a 5 coin?
- Would have a file for every coin

[Diagram of coin denominations: 4 2 1 1 1 2 1 2 2]

Fair Blind Signatures

Possible solution to undetectable money laundering or ransom demands

[Diagram: Sender, Signer and Judge; labels: Signing protocol, Message-signature pair, View of protocol, Un-linkable]

Conclusion
- Feasible from a purely technological perspective
- Anonymity is at the heart of the government's attack
- Cannot attract funding

Advantages:
- Convenience
- Secure
- Handling costs
- Time saving
- Transaction costs
- Global

Disadvantages:
- Safety issue
- Physical securities
- Users issue
- Legal problems
