3. 1. In the era of information Tech revolution, advances in computer
technology and internet have led to development and gradual widespread use of
concepts such as e-commerce, e-banking, DMAT accounts, e-governance, e-retail.
2. Countries and trade blocs are vying each other to become the global currency
for trade, currently dollar holds the distinction of being the most widely
accepted currency. Advances in Digital Cash mechanism could create a truly
global currency, and e-currencies like `Bitcoin’ could also be traded offline.
3. Global response Digital cash and e-currencies like `Flooz’,`Beenz’, and David
Chaum created `DigiCash’, is evidence of its potential. Specifically, merchants are
interested in new and exciting payment mechanism, something which would
offer anonymity and global acceptance.
3
4. Digital cash aims to mimic the functionality of paper cash, by providing such properties
of anonymity and transferability of payment. Digital cash is intended to be
implemented data which can be copied, stored, or given as payment (for example,
attached to an email message, or via a USB stick, Bluetooth, etc).
Just like paper currency and coins, digital cash is intended to represent value because it
is backed by a trusted third party (namely, the government and the banking industry).
A payment message bearing a digital signature which functions as a medium of
exchange or store of value.
Need to be backed by a trusted third party, usually the government or banks.
4
5. David Lee Chaum (born
1955) is the inventor of
many
cryptography protocols, as
well as E-
cash and DigiCash. His
1981 paper, "Untraceable
Electronic Mail, Return
Addresses, and Digital
Pseudonyms", laid the
groundwork for the field of
anonymous
communications research.
The first electronic payment
was sent in 1994.
5
6. • Most money is already paid in electronic form; for example, by credit or debit card, and by
direct transfer between accounts, or by on-line services such as PayPal. This kind of electronic
money is not digital cash, because it doesn't have the properties of cash (namely, anonymous
and off-line transferability between holders).
• Buyer can pay electronically by transmitting a unique number (called digital certificate)
similar to a banknote number. Like the serial numbers on real dollar bills, the digital cash
numbers are unique. Each one is issued by a bank and represents a specified sum of real
money. One of the key features of digital cash is that, like real cash, it is anonymous and
reusable. That is, when a digital cash amount is sent from a buyer to a vendor, there is no way
to obtain information about the buyer.
• Unlike credit card payments where the identity of the buyer can be established,
digital cash (just like real cash) is anonymous. Credit cards and e-cash can be used for online
transactions or via POS machines only , Digital cash can be used offline.
• Thus all digital cash is e-cash but all e-cash is not digital cash. Also called electronic
cash.
6
11. Bank
MerchantUser
• Alice gets Digital Cash from
Bank
– Alice creates m=amount,
serial number
– Private, public key pair of
the bank is d,e (mod n)
– Bank returns md
• Alice pays Digital Cash to a
Merchant
– md
• Merchant can verify md with
the Bank
Link with Other Banks
Payments
WithdrawCoins
11
12. • Blind signatures are used when you want someone to
sign something but you don’t want them to see what
they are signing.
• This is done by multiplying the message by a secret
number (called blinding).
• The signer signs the blinded message.
• The secret number can be divided out to get a signed
version of the message.
12
13. • message m = amount
• d is secret key of the
Bank
• Add a blinding factor b
r = (m)be
rd = (mbe)d
Bank could keep a
record of r
Remove blinding factor
(mbe)d = (m)dbed
b-1 md
13
14. • Banks public key = 17 (n=77)
• Banks private key = 53
• Alice’s message = 28
• Alice chooses a blinding
factor=6
• Alice asks Bob to sign 28*617
mod 77 = 70
• Bob signs 70 and sends Alice
7053 mod 77=42
• Alice can compute 42.6-1(mod
77) to get 7
– Note that 2853 mod 77 = 7
Blind Signature
14
15. • Alice creates k items of m
Random Serial Number
m1
Random Serial Number
, …, mk
m1 = (…, amount, serial number)
mk = (…, amount, serial number)
15
16. • Alice creates blinding factors:b1
e,…, bk
e
• Blind the units - m1b1
e, …, mk bk
e
m1b1
e mkbk
e, …,
Bank
• Send to bank for signing
16
17. • Bank chooses k –1 items to check (at random)
• Customer gives all blinding factors except one
(say unit i)
• Bank checks they are correct
i
17
18. • Bank signs the remaining one and sends it
back – (mibe
i)d = mi
dbi
Customer
• The customer removes the blind using bi
-1
mi
d
18
19. Here is the summary of the pros and cons of the online system:
Pros
• Provides fully anonymous
and untraceable digital cash:
• No double spending
problems (coins are checked
in real time during the
transaction).
• No additional secure
hardware required
Cons
• Communications overhead
between merchant and the
bank.
• Huge database of coin records
-- the bank server needs to
maintain an ever-growing
database for all the used coins’
serial numbers.
• Difficult to scale, need
synchronization between bank
servers.
• Coins are not reusable
19
20. Processing Cost per Transaction
0.00
0.20
0.40
0.60
0.80
1.00
1.20
Cash Check Credit
Card
Electronic
Bill
Debit E-Cash
Electronic
Paper Cash
Source: The Boston Consulting Group 20
22. • Let us denote Alice’s username as I
• We will split I into n parts such that
–Each part on its own does not contain any
information about I
–All n parts can be combined to reveal
username
• How does it work?
–Alice picks a random numbers r
–Alice calculates s = I r
22
23. • Alice’s Username = 2510
• Alice picks a random number r = 1500:
• S=2510 1500 = 3090
• The username can now be split into 2 parts
– 1500 and 3090
• On their own they don’t reveal the username,
but when combined using the XOR, the
username is revealed
– 1500 3090 = 2510
23
24. A Coin
• User ID:
1500 3090
4545 6159
5878 7992
Header Information – 100$
Serial number - 123456
Transaction Item – pairs of user IDs
24
25. • User ID:
1500 XOR 3090 = 2510
4545 XOR 6159 = 2510
5878 XOR 7992 = 2510
User ID
Header Information – 100$
Serial number - 123456
Transaction Item – pairs of user ID’s
25
26. • Alice presents a token
to a Merchant
• Merchant asks Alice to
reveal part of each
user ID pair
– Merchant decides if he
wants to know the
right half or the left
half
– Alice blanks out the
other half
26
27. • User ID:
0 3090
4545 6159
5878 7992
Randomly blank one side of each identity pair
27
28. • User ID:
0 3090
4545 0
5878 7992
Randomly blank one side of each identity pair
28
29. • User ID:
0 3090
4545 0
5878 0
Randomly blank one side of each identity pair
29
30. • User ID:
0 3090
4545 0
5878 0
•You can no longer tell who owns the coin
•Merchant would now deposit this coin into the bank
•Note that token has half of user ID pair revealed
•Bank verifies token and adds to database of spent tokens
30
31. • User ID:
1500 0
4545 0
0 7992
•Before the user spent the coin the first time, the user
made a copy of it
•Merchant would now deposit this coin into the
bank
31
32. • Original Coin
• User ID:
0 3090
4545 0
5878 0
• Duplicate Coin
• User ID:
1500 0
4545 0
0 7992
This is what is in the bank
32
33. Pros
• Off-line, portable scheme
• User is fully anonymous unless
double spends
• Bank can detect double
spender (with high probability)
• Banks don’t need to
synchronize database in each
transaction.
• Coins are reusable
Cons
• Might not prevent double
spending immediately
• More expensive to
implement - the extra
security hardware needed in
the system requires an
additional cost
33
36. • There a number of
competing protocols, and it
is unclear which ones will
become dominant. Most
digital cash systems start
with a participating bank
that issues cash numbers or
other unique identifiers that
carry a given value.
Bitcoin is a successful
digital currency, developed
on the concept of digital
cash developed by David
Chaum. Bitcoin cannot be
traded offline.
36
38. /
• Peter Wayner, Digital Cash, Academic Press Inc; Pap/Cdr
edition
(1 October 1995)
• https://www.cs.bham.ac.uk/~mdr/teaching/modules06/netsec
/lectures/DigitalCash.html
• David Chaum, Amos Fiat and Moni Naor, "Untraceable
Electronic Cash", in Advances in Cryptology - CRYPTO '88
Proceedings.
• David Chaum, “Blind Signature System”. US Patent
#4759063
• illinois.edu
38