COT 5405



1. Electronic Cash

Credit cards today dominate the online payment systems, but electronic cash is the way of the future. Electronic cash (also called e-cash or digital cash) is any value storage and exchange system created by a private (non-governmental) entity that does not use paper documents or coins and that can serve as a substitute for government-issued physical currency. Since e-cash is issued by many private companies, we need common standards for all e-cash issuers so that they are accepted by each other. Until now those common standards were not met. Every issuer has its own standards and e-cash is not universally accepted compared to government-issued physical currency.

Concerns about electronic payment methods include privacy and security, independence, portability, and convenience. Privacy and security issues are probably the most important issues.

E-cash has its unique security problems. E-cash must have two important characteristics in common with physical currency. It must be spent only once and it must be anonymous.

E-cash is independent and portable. E-cash is independent, if it is not related to any network or storage device. It is portable, if it can be freely transferable between any two parties. Credit and debit cards are not portable. In a credit card transaction, the credit card recipient must have an account established with a bank unlike the case in e-cash.

The most important characteristic of cash is convenience. If e-cash requires special hardware or software, it will not be convenient for people to use.

1.1. Advantages and Disadvantages of E-Cash

Transferring e-cash on the internet costs less than processing credit card transactions because conventional money exchange systems require banks, bank branches, clerks, automated teller machines, and an electronic transaction system to manage, transfer, and dispense cash. Operating this conventional money exchange system is expensive.

E-cash transfers occur on an existing infrastructure, the internet, and existing computer systems with no additional costs. With e-cash transferring money to next door or to the other side of the world costs the same, while distance and cost are proportional when we move physical cash and checks.

E-cash does not require authorization of payments, unlike credit card transactions.

E-cash does have disadvantages just like real cash, money laundering, it is not traceable. Also it can be forged.

For e-cash has to be successful, a standard must be developed for e-cash disbursement and acceptance.

1.2. How Electronic Cash works

To establish e-cash, a consumer opens an account with an e-cash issuer and presents proof of identity. The consumer can then withdraw e-cash by accessing the issuer’s web site and presenting proof of identity, such as a digital certificate. After the issuer verifies the consumer’s identity, it gives the consumer a specific amount of e-cash and deducts it from the consumer account. In addition, the issuer might charge a small processing fee. The consumer can store the e-cash in an electronic wallet on his or her computer. In addition, the consumer can authorize the issuer to make payments to third parties from the e-cash account.

2. Electronic Cash Protocols

One of the major problems of e-cash is double spending. The main deterrent to double spending is the threat of prosecution. Cryptography algorithms can help in this area to create e-cash that can be traced back to its origins.

Creating anonymous e-cash requires a bank to issue e-cash with embedded serial numbers such that the bank can sign the coins and then remove any association of the coins with any particular customer.

Every protocol consists of at least three types of transactions:

• Withdrawal: transfers coins to the customer.

• Payment: transfers coins to the merchant.

• Deposit: transfers coins to real currency.

Some protocols have an additional procedure, opening procedure, similar to opening an account with a bank. This procedure usually enables the bank to give the user a password to identify him self to the bank.

There are two types of electronic cash schemes:

On-line: validity of the transaction is checked while it is occurring. The coin is sent back to the bank or similar authority during the transaction to verify authenticity of coin and that it was not spent before. The advantage is that the bank can check and prevent illegal operations as they are happening unlike the case in off-line systems.

Off-line: validity of the transaction is checked after the transaction has occurred. The merchant or bank can conduct a series of calculation to reveal the customer’s identity when a security breach has occurred.

In general off-line schemes are more efficient than on-line ones. The two fundamental issues with any off-line electronic cash scheme have been the detection of double spending and provision of anonymity. Cut-and-Choose technology was one of the first techniques that were introduced to address the issue of double spending in an off-line scheme. However, it is not very efficient. Subsequently, other techniques had been proposed to achieve both problems without the Cut-and-Choose method.

2.1. Chaum-Fiat-Naor Scheme

The anonymity is presented through the use of RSA-based blind signatures and the cut and choose scheme.

This protocol allows the user to create a bank certified check without allowing the bank to know what it signed. The bank is not able to link a specific deposit with a specific withdrawal.

Withdrawal (Cut and Choose Method)

1. Alice generates n coins. Each coin contains the amount of the coin, a uniqueness string specific to the coin, and a series of identity string pairs which can be used to identify Alice. She blinds the coins and sends them to the bank.

2. The bank chooses n/2 coins of them randomly.

3. Alice reveals details for the n/2 coins chosen by the Bank

4. Bank checks that the n/2 coins contain the correct amount and that the uniqueness strings are indeed unique. The bank also requests that the customer reveals the identity string for all n coins.

5. The bank signs the unblinded coins and returns them to Alice.

6. Alice unblinds the coins but keeps the identity strings hidden.

[pic]

Payment

1. Alice sends the required number of coins to Bob.

2. Bob verifies that the coins are valid by checking the bank’s signature.

3. Bob challenges Alice to reveal one of the pair of identity strings for each coin. A random binary string r is used to determine which identity string is revealed.

If[pic], Alice responds with the left half of the coin’s identity string.

If[pic], Alice responds with the right half of the coin’s identity string.

4. Bob verifies that the coin has the correct form and that the revealed identity strings are correct.

[pic]

Deposit

1. Bob sends the payment transcript to the bank. This includes the coin and the half of the identity string which was revealed during the transaction.

2. The bank checks that no other coins in its database have the same uniqueness string.

3. If another coin has been returned with the same uniqueness string then double spending has occurred. The bank then checks the identity string with the list of strings it received from the customer during withdrawal.

• If the identity string is the same the bank knows that Bob has double spent.

• If the identity string is different the bank knows that Alice has double spent.

• The bank selects an identity string pair where one merchant has returned the left half and the other merchant has returned the right half. The bank then XORs the two halves to discover the identity of the customer. If the two merchants have used the same random string the customer’s id cannot be revealed.

4. If the uniqueness string is indeed unique the bank credits Bob account.

[pic]

A possible attack against this protocol is a cooperation attack between Alice and Eve. If Alice after paying Bob sends her spent coin to Eve with the binary string chosen by Bob and the response to this string, then Eve will have an exact payment history as Bob and the bank will not know which one of them is cheating.

2.2. Ferguson Scheme

This protocol uses secret sharing technique, which splits up a secret message between m different people and only if we have n ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download