More Related Content
What's hot
What's hot (20)
Similar to Digital cash
Similar to Digital cash (20)
More from Subhash Mandal
More from Subhash Mandal (19)
Recently uploaded
Recently uploaded (20)
Digital cash
- 1. Digital Cash Present By Kevin, Hiren, Amit, Kai
- 2. What is Digital Cash? ¨ A payment message bearing a digital signature which functions as a medium of exchange or store of value ¨ Need to be backed by a trusted third party, usually the government and the banking industry.
- 3. Key Properties ¨ Secure ¨ Anonymous ¨ Portable ¨ Reusable ¨ User-friendly
- 4. Digital Cash vs Credit Card Anonymous Identified Online or Off-line Online Store money in digital wallet Money is in the Bank
- 5. The Online Model ¨ Structure Overview Link with other banks Deposit Coins Bank Withdraw Coins Payment User Merchant
- 6. Pros and Cons of the online scheme ¨ Pros – Provides fully anonymous and untraceable digital cash. – No double spending problems. – Don't require additional secure hardware – cheaper to implement. ¨ Cons – Communications overhead between merchant and the bank. – Huge database of coin records. – Difficult to scale, need synchronization between bank servers. – Coins are not reusable
- 7. The Offline Model ¨ Structure Overview Bank Merchan t User Temper-resistant device Others T.R.D .
- 8. Pros and Cons of the offline model ¨ Advantages – Off-line scheme – User is fully anonymous unless double spend – Bank can detect double spender – Banks don’t need to synchronize database in each transaction. – Coins could be reusable – Reduced the size of the coin database. ¨ Disadvantages – Might not prevent double spending immediately – More expensive to implement
- 9. Traceable Signature Protocol Merchant Customer Bank m message m = amount, serial no (m)d d is secret key of the Bank (m)d spend send m (m)d send (m)d verify
- 10. Blind Signatures ¨Add a blinding factor b ¨ r = (m)be ¨rd = (mbe)d ¨Bank could keep a record of r ¨Remove blinding factor ¨ (mbe)d = (m)dbed ¨ b-1 md message
- 11. Untraceable Digital Cash ¨Create k items of m m1 = (…, amount, serial number) mk = (…, amount, serial number) Random Serial Number m1 Random Serial Number , …, mk
- 12. Untraceable Digital Cash ¨Create blinding factors:b1 e,…, bk e ¨Blind the units - m1b1 e, …, mk bk e m1b1 e mkbk , …, e Bank ¨Send to bank for signing
- 13. Untraceable Digital Cash ¨Bank chooses k –1 to check ¨Customer gives all blinding factors except for unit i ¨Bank checks they are correct i
- 14. Untraceable Digital Cash ¨Bank signs the remaining one and sends it back – (mbe )d = mdbiii i Customer ¨The customer removes the blind using bi Serial no -1 mi d
- 15. Problem! ¨When the merchant receives the coin, it still has to be verified ¨The merchant has to have a connection with the bank at the time of sale ¨This protocol is anonymous but not portable
- 16. How to make it off-line
- 17. Secret Splitting ¨A method that splits the user ID in to n parts ¨Each part on its own is useless but when combined will reveal the user ID ¨Each user ID is XOR with a one time Pad, R
- 18. Cont… ¨E.g. User ID = 2510, R = 1500: ¨2510 XOR 1500 = 3090 ¨The user ID can now be split into 2 parts, I.e. 1500 and 3090 ¨On their own they are useless but when XOR will reveal the user ID ¨I.e 1500 XOR 3090 = 2510
- 19. A Typical Coin ¨Header Information ¨Serial number ¨Transaction Item – pairs of user ID’s ¨ User ID: 1500 3090 4545 6159 5878 7992
- 20. A Typical Coin ¨Header Information ¨Serial number ¨Transaction Item – pairs of user ID’s ¨ User ID: 1500 XOR 3090 = 2510 4545 XOR 6159 = 2510 5878 XOR 7992 = 2510 User ID
- 21. Blanking Randomly blank one side of each identity pair ¨ User ID: 0 3090 4545 6159 5878 7992
- 22. Blanking Randomly blank one side of each identity pair ¨ User ID: 0 3090 4545 0 5878 7992
- 23. The coin is now spent You can no longer tell who owns the coin ¨ User ID: 0 3090 4545 0 5878 0 •Merchant would now deposit this coin into the bank
- 24. The coin is copied and spent at another merchant •Before the user spent the coin the first time, the user made a copy of it ¨ User ID: 1500 0 4545 0 0 7992 •Merchant would now deposit this coin into the bank
- 25. How can we catch the user? ¨ Original Coin ¨ User ID: 0 3090 4545 0 5878 0 ¨ Duplicate Coin ¨ User ID: 1500 0 4545 0 0 7992 This is what is in the bank
- 26. How can we catch the user? ¨ Original Coin ¨ User ID: 0 3090 4545 0 5878 0 ¨ Duplicate Coin ¨ User ID: 1500 0 4545 0 0 7992 This is what is in the bank 3090 XOR 1500 = 2510 5878 XOR 7992 = 2510 User ID
- 27. Probability of catching the culprit ¨Depends on the number of the identity strings used ¨Probability of catching a user is: – 1 - ½n , where n is the number of identity strings E.g. n = 5, the probability of catching a user is: 0.97
- 28. Reusability ¨Once the coin has been spent the merchant has to deposit it to the bank ¨Therefore, coin can only be spent once ¨Convenience, ability to give change, unnecessary transactions between bank and merchant ¨Banks database size – less serial numbers ¨Solution – Add the new User ID to the coin
- 29. Setup ID=HIREN ID=KEVIN ID=AMIT
- 30. Coins ¨ Users Coin ¨ User ID: A MIT AM IT AMI T
- 31. Amit spends his coin at Hirens shop The coin will now look like this: Amit no longer owns the coin, it is bounded to Hiren User ID: A 0 0 IT AMI 0 HI REN HIR EN H IREN
- 32. Hiren can now go and spend his coin at Kevin's shop The coin looks like this: User ID: A 0 0 IT AMI 0 HI REN HIR EN H IREN
- 33. Hiren can now go and spend his coin at Kevin's shop The coin will now look like this: User ID: A 0 0 IT AMI 0 0 REN 0 EN H 0 KE VIN K EVIN KEV IN
- 34. Size Matters! ¨Coin m = (Serial num, denomination, Transaction list (transactions * user ID), Other Header info) ¨Limit size by Validity Period and/or max Transactions
- 35. Other proposals ¨What if you what buy something that costs £4.99 and you have £5 coin? ¨Would have a ‘file’ for every coin £4 £2 £2 £1 £1 £1 £1 £2 £1 £1 £2 £1 £1
- 36. Fair Blind Signatures ¨Possible solution to undetectable money laundering or ransom demands Sender Signing protocol Signer Message-signature pair Un-linkable View of protocol Judge
- 37. Conclusion ¨Feasible from a purely technological perspective ¨Anonymous is at the heart of the government's attack ¨Cannot attract funding
- 38. Advantages: ¨ Convenience ¨ Secure ¨ Handling costs ¨ Time saving ¨ Transaction Costs
- 39. Global Disadvantages ¨ Safety Issue ¨ Physical Securities ¨ Users Issue ¨ Legal problems
- 40. Questions?