An Efficient Method for
Finding Minimum Hash
Chain of Multi-Payword
Chains in Micropayment
Authors:
Ching-Nung Yang and Hsu-Tun Teng
Source:
IEEE International Conference on ECommerce, 2003(CEC 2003), 24-27
June 2003, Pages: 45 – 48
Date:
2005/01/20
Presenter: Jung-wen Lo(駱榮問)
Outline

Introduction








Single-Payword Chain
Multi-Payword Chain
Preliminaries
Strategies
Example
Comparison
Conclusions
Comments
2
Introduction

Rivest & Shamir 1997
Customer
Vendor
1. Pick wn
2. w0=hn(wn); wi=h(wi+1)
Payword: {w0,w1,…,wn}

S(w0)
(i,wi)
w’0=hi(wi)
S(w’0)?=S(w0)
Netpay 1999
Customer
Broker
IDC,n,IPV
w0=hn(wn)
EPKC({w0,w1,…,wn})
※
EPK():PK Fct
S():Signature
Vendor
IDC,(i,wi)
EPKV(S(IDC,w0))
w’0=hi(wi)
S(w’0)?=S(w0)
3
Introduction: Multi-Payword Chain


Denomination: $1, $2, $3, $4, $5, $6
Payword roots: {w10, w20, w30, w40, w50, w60}


Ex. $16 =



wij=w(ij+1); j=n-1,n-2,…,0 & i=1,2,…,6
s1={w61,w62,w41}  Length=3
s2={w11,w12,w13,w14,w15,w16}  Length=6
Problems (Aim)
1. How to find the minimal hash chain such that the number
of hash operations can be reduced as small as possible.
 Efficiency
2. How to let the payment be divided equally among every
single chain in multi-payword chains such that every single
chain has about equal length after each purchasing.
 Future Efficiency
4
Preliminaries (1/2)

Pnm',h',l ' :The number of partition
of integer n’ into m parts
n’=a1+a2+a3+…+am
 h’ ≧a1≧a2≧…≧am≧l’
Pnm,h :







(b1,b2,…,bm)=
(a1-(l’-1),a2-(l’-1),…,am-(l’-1))
n=b1+b2+b3+…+bm
=n’-m×(l’-1)
Ex. Value 5
Length No.
1
2
3
4
5
1
2
2
1
1
Item
5
4+1, 3+2
3+1+1, 2+2+1
2+1+1+1
1+1+1+1+1
h=h’-l’+1
h≧b1≧b2≧…≧bm≧1
Pnm',h',l ' can be reduced to Pnm,h
5
Preliminaries (2/2)
m



m
n,h
Property 1: P
 P
Property 2: Pnm,h 
i 0
i
n  m , h 1
m
m
i
P

P
(or n  m ,h  n , h 1
i 0
)
h
m 1
P
 n  i ,i
i 1
Theorem 2.1. The mmin of Pnm',h',l '  n' / h'
6
Strategies
Aggressive mode

Find the smallest parts of partitions (mmin of Pnm,h ).
2.
Keep the length of each payword chain as equal as possible
from the partitions of step 1.
 Minimal hash operations.
 Payword chains with large denomination size will be used up
quickly.
1.
Balance mode

Select the partition results from all of the possible partitions (all
possible values of m in Pnm,h ).
2.
Keep the length of each payword chain as equal as possible
from the possible partitions of step 1.
 Obtain the length of multi-payword chains for one payment as
small as possible
 Spend each payword with the almost equal length.
 Take more time
1.
7
Example (1/2)

Four payword chains: $2, $3, $4, $5
Payment=$16

Aggressive mode
P16m,5, 2  P16mm( 21),521  P16mm, 4
mmin  16 / 5  4
P16mm, 4  P124 , 4  4
(b1,b2,b3,b4)=(a1+1, a2+1, a3+1, a4+1)
 (5,4,4,3)  {w11,w32,w41}
 (5,5,4,2)  {w11,w31,w42}
8
Example (2/2)

Balance mode
 Keeping the length
of each payword
chain as equal as
possible from Table
3.2.

(5,4,3,2,2) 
{w12,w21,w31,w42}
9
Comparison
Rivest-Shamir’s scheme
Computation
Storage
Verify multipayword Chains
Customer
Vendor
Computation
Storage
1. Create multipayword chains
2. Verify multipayword
Chains
Broker
1. Create multipayword chains
2. Find minimal
multi-payword
chains for one
payment
Netpay scheme
Store Multipayword
Chains
Find minimal
multi-payword
chains for one
Payment
Store multipayword
chains
Verify multipayword chains
10
Conclusions
Propose a new partition problems.
 Shows multi-payword chains with
different values efficiently for Aggressive
mode and Balance mode.
 The original single payword chain with h
value is a special case of our payword
m
P
scheme when use the partition n,h,h .

11
Comments

Implementation



Balance mode provide future efficiency


Aggressive mode: 大面額優先使用
Balance mode: 每一輪回中, 每種面額都儘可能的挑選
Total hash number won’t be changed
Do not define m=0 Ex. Pn0,h or set i begin with 1
12