How to Make E-cash with Non-Repudiation and Anonymity Authors: Ronggong Song and Larry Korba Source: Information Technology: Coding and Computing, 2004. Proceedings of International Conference on ITCC 2004, Vol. 2, 2004, pp.167-172 Presenter: Jung-wen Lo (駱榮問) Date: 2004/09/23 Outline Introduction The proposed scheme Motivation Abe-Fujisaki’s protocol Architecture Protocol E-cash Issue On-line shopping E-cash renew Protocol Characteristics Analysis Conclusions Comment 2 Introduction Chaum: Blind signature (1982) Authenticity Integrity Nonrepuditation Blind to signer May not be traced by the signer after the signature is revealed E_cash Easily duplicate => Double-spending Bank implement double-spending checking => Lack of nonrepudiaion 3 IntroductionOnline e-cash payment system 2. Deduct 1. Withdraw Bank 6. Deposit Bank Databse 3. E_Cash 5. Deposit Customer 4. Pay E_Cash ※ Electronic cash scheme: Untraceable: D. Chaum, 1990 Partially blind signature: Abe-Fujisaki, 1996 e-store 4 Abe-Fujisaki’s protocol Stage Initial Customer Bank Payee ※v: predefined by bank contains expired date PK: (e, n) PV: (d, p, q) Withdraw chk v format dv=(ev)-1modΦ(n) β=αdv mod n Deduct Unblind α,v random r, m, v α=revH(m) mod n β s=r-1β mod n (m,s) Deposit Verify as Payee Deposit (m, s) sev?≡H(m) mod n sev=(r-1β)ev=(r-1α(ev)-1)ev =r-ev(revH(m))(ev)-1(ev)=H(m) 5 Architecture of the new e-cash system 6 New e-cash protocol (E-cash Issue) Stage Initial Customer(A) Bank(B) PK: (eb, nb), PV: (db, pb, qb) PK: (eA, nA),PV: (dA, pA, qA) ※v : Expired date, Money amount, … E-cash Issue (Withdraw) Temp. PK: (et, nt) Temp. PV: (dt, pt, qt) random r, v α=rebvH(et||nt) mod nb SignA= (H(IDA,AccountA,PKA,α,v,TimeA))dA mod nA (IDA,AccountA,PKA,α,v,TimeA),SignA chk v format dv=(ebv)-1 β=αdv mod nb SignB=(H(IDA,IDB,β,TimeB))db mod nA (IDA,IDB,β,TimeB),SignB Unblind ※e-cash: (et,nt,v,s) Check TimeB & SignB s=r-1β mod nb 7 New e-cash protocol (Online Shopping) Stage Shopping Customer(A) Bank(B) Signt= (H(Cost,AccountES,et,nt,v,s,TimeA)|| H(E-goods))dt mod nA Merchant eStore(ES) E-goods,(Cost,AccountES, et,nt,v,s,TimeA),Signt (Deposit) Verify Cost,AccountES,TimeA,Signt sebv?≡H(et||nt) mod nb (Cost,AccountES,et,nt,v,s,TimeA),Signt,EMD EMD=H(E-goods) Verify AccountES,TimeA,Signt s’ =H(et,nt,v,s,RM)db mod nb SignB=(H(ReceiptES,et,nt,v,s,RM,s’,TimeB))db mod nb (ReceiptES,et,nt,v,s,RM,s’,TimeB),SignB Verify all messages SignES=(H(License,ReceiptA,et,nt,v,s,RM,s’,TimeES))dES mod nES ※EMD : E-goods message digest RM: Remainder e-cash (License,ReceiptA,et,nt,v, s,RM,s’,TimeES),SignES 8 E-cash Renew The digital e-cash The remainder digital e-cash 9 New e-cash protocol (E-cash Renew) Stage Renew Customer(A) Bank(B) Choose new et’,nt’,dt’ Signt= (H(α,v,et’,nt’,v’,s’,Timet))dt mod nt α’=rebv’H(et’||nt’) mod nb (α’,v,et’,nt’,v’,s’,TimeA),Signt Verify messages dv=(ebv’ )-1 β=(α’)dv mod nb SignB= (H(et’,nt’,v’,s’,β,TimeB))db mod nb (et’,nt’,v’,s’,β,TimeB),SignB s’=r-1β mod nb 10 Protocol Characteristics Strong privacy protection Non-repudiation Bank and merchant cannot determine buyer All message are signed Strong safety protection Only authorize e-cash owner can use the e-cash 11 Analysis Anonymity analysis Partial blind signature Anonymous temporary public key Non-repudiation analysis E-cash issue The message is signed with the customer’s certificate Online shopping The messages are signed with the private key of the e-cash 12 Analysis Security analysis Passive attacks Transmiting messages are protected with SSL security channel Bank cannot determine who holds the temporary public key Active attacks Replay attack: Time stamp “Time” Modification attack: Verify signature “Sign” 13 Conclusions Strong privacy protection Non-repudiation services Against denying, double-spending, losting, misusing and stealing of the e-cash Could be implmented with XML and SSL security channel 14 Comments Bank should verify s and v in on-line shoping stage How to use remainder money? Bank records e-cahs (et,nt,v,s) and remainder ecash RM Future work Implemented in public network? Without CA? 15
© Copyright 2025 Paperzz