This paper explores the concept of digital cash, defining it as a secure and anonymous medium of exchange backed by trusted entities like banks or governments. We compare digital cash to traditional credit cards, discussing the online and offline models, their advantages, and disadvantages. The online model allows for fully anonymous transactions but faces challenges like database synchronization, while the offline model enables reusability of coins but requires more investment. We analyze protocols and methods like blind signatures and secret splitting, emphasizing their implications for user privacy and security.
Digital Cash Presented by Kevin, Hiren, Amit, Kai
What is Digital Cash? • A payment message bearing a digital signature which functions as a medium of exchange or store of value • Needs to be backed by a trusted third party, usually the government and the banking industry.
Key Properties • Secure • Anonymous • Portable • Reusable • User-friendly
The Online Model • Structure overview (diagram: the User withdraws coins from the Bank and pays the Merchant; the Merchant deposits the coins at the Bank; the Bank links with other banks)
Pros and Cons of the online scheme • Pros • Provides fully anonymous and untraceable digital cash. • No double-spending problems. • Does not require additional secure hardware, so it is cheaper to implement. • Cons • Communications overhead between merchant and bank on every sale. • Huge database of coin records. • Difficult to scale: needs synchronization between bank servers. • Coins are not reusable.
The Offline Model • Structure overview (diagram: User, Merchant and Bank, with a T.R.D. (tamper-resistant device) on the user side; the Bank links with others)
Pros and Cons of the offline model • Advantages • Off-line scheme • User is fully anonymous unless they double spend • Bank can detect the double spender • Banks do not need to synchronize databases on each transaction. • Coins could be reusable • Reduces the size of the coin database. • Disadvantages • Might not prevent double spending immediately • More expensive to implement
Traceable Signature Protocol • Customer sends the message m to the Bank, where m = (amount, serial no) • Bank returns $m^d$, where d is the secret key of the Bank • Customer spends $m^d$ at the Merchant • Merchant sends $m^d$ to the Bank to verify
Blind Signatures • Add a blinding factor b to the message • $r = m \cdot b^e$ • $r^d = (m b^e)^d$ • Bank could keep a record of r • Remove the blinding factor • $(m b^e)^d = m^d b^{ed} = m^d b$ • $b^{-1} \cdot m^d b = m^d$
Untraceable Digital Cash • Create k items of m, each with its own random serial number: $m_1 = (\ldots, \text{amount}, \text{serial number}), \ldots, m_k = (\ldots, \text{amount}, \text{serial number})$
Untraceable Digital Cash • Create blinding factors $b_1^e, \ldots, b_k^e$ • Blind the units: $m_1 b_1^e, \ldots, m_k b_k^e$ • Send to the bank for signing
Untraceable Digital Cash • Bank chooses k − 1 of the units to check • Customer gives all blinding factors except the one for unit i • Bank checks they are correct
Untraceable Digital Cash • Bank signs the remaining one and sends it back: $(m_i b_i^e)^d = m_i^d b_i$ • The customer removes the blind using $b_i^{-1}$, leaving the coin $m_i^d$ (with its serial number)
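The blind-signature arithmetic from the "Blind Signatures" slide and the cut-and-choose withdrawal from the "Untraceable Digital Cash" slides, as an added Python example (not code from the original slides). The toy primes, the 32-bit serial packing and all function names are assumptions made here.

```python
import secrets
from math import gcd
# Toy bank key from two constructed small primes: far too small for real use, fine for the arithmetic.
P, Q = 1000003, 1000033
N = P * Q
E = 65537                                  # bank's public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))          # bank's secret exponent d

def bank_sign(x):
    """The bank applies its secret key: x -> x^d mod n (textbook RSA, as on the slides)."""
    return pow(x, D, N)

def verify(m, sig):
    """Anyone holding the bank's public key checks sig^e == m mod n."""
    return pow(sig, E, N) == m % N

def make_blinding_factor():
    """Random b invertible mod n; returns (b, b^e mod n)."""
    while True:
        b = secrets.randbelow(N - 2) + 2
        if gcd(b, N) == 1:
            return b, pow(b, E, N)

def blind(m, b_e):
    """r = m * b^e mod n is all the bank ever sees, so it cannot link r to the coin later."""
    return (m * b_e) % N

def unblind(r_d, b):
    """r^d = m^d * b^(ed) = m^d * b mod n, so multiplying by b^-1 leaves m^d."""
    return (r_d * pow(b, -1, N)) % N

def encode_unit(amount, serial):
    """Pack (amount, random serial number) into the integer m that gets signed (assumed layout)."""
    return amount * 2**32 + serial

def check_opened_unit(amount, m_j, b_j, r_j):
    """Bank's cut-and-choose check on an opened unit: right amount, and r_j really is m_j * b_j^e."""
    return m_j // 2**32 == amount and blind(m_j, pow(b_j, E, N)) == r_j

def withdraw_untraceable(amount, k=5):
    """Customer blinds k candidate coins; the bank opens k-1 of them and signs the last unopened."""
    units = [encode_unit(amount, secrets.randbits(32)) for _ in range(k)]
    blinds = [make_blinding_factor() for _ in range(k)]
    blinded = [blind(m, b_e) for m, (_, b_e) in zip(units, blinds)]
    i = secrets.randbelow(k)                           # the unit the bank leaves unopened
    for j in range(k):
        if j != i and not check_opened_unit(amount, units[j], blinds[j][0], blinded[j]):
            raise ValueError("unit %d does not match its blinded value" % j)
    coin_sig = unblind(bank_sign(blinded[i]), blinds[i][0])
    return units[i], coin_sig, blinded[i]              # coin m, signature m^d, bank's record r
```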
Problem! • When the merchant receives the coin, it still has to be verified • The merchant has to have a connection with the bank at the time of sale • This protocol is anonymous but not portable
Secret Splitting • A method that splits the user ID into n parts • Each part on its own is useless, but when combined they reveal the user ID • Each user ID is XORed with a one-time pad, R
Cont… • E.g. User ID = 2510, R = 1500: • 2510 XOR 1500 = 3090 • The user ID can now be split into 2 parts, i.e. 1500 and 3090 • On their own they are useless, but XORed together they reveal the user ID • i.e. 1500 XOR 3090 = 2510
A Typical Coin • Header information • Serial number • Transaction item: pairs of user IDs (diagram: pairs (1500, 3090), (4545, 6159), (5878, 7992))
A Typical Coin • Header information • Serial number • Transaction item: pairs of user IDs, each pair XORing to the user ID (diagram: 1500 XOR 3090 = 2510, 4545 XOR 6159 = 2510, 5878 XOR 7992 = 2510)
Blanking • Randomly blank one side of each identity pair (diagram: pairs now (0, 3090), (4545, 6159), (5878, 7992))
Blanking • Randomly blank one side of each identity pair (diagram: pairs now (0, 3090), (4545, 0), (5878, 7992))
The coin is now spent: pairs (0, 3090), (4545, 0), (5878, 0) • You can no longer tell who owns the coin • The merchant would now deposit this coin into the bank
The coin is copied and spent at another merchant • Before the user spent the coin the first time, the user made a copy of it • After the second spend the copy's pairs are (1500, 0), (4545, 0), (0, 7992) • That merchant would now deposit this coin into the bank too
How can we catch the user? This is what is in the bank: • Original coin: (0, 3090), (4545, 0), (5878, 0) • Duplicate coin: (1500, 0), (4545, 0), (0, 7992)
How can we catch the user? This is what is in the bank: • Original coin: (0, 3090), (4545, 0), (5878, 0) • Duplicate coin: (1500, 0), (4545, 0), (0, 7992) • Pairs blanked on opposite sides give both halves: 3090 XOR 1500 = 2510 and 5878 XOR 7992 = 2510, the user ID
Probability of catching the culprit • Depends on the number of identity strings used • Probability of catching a user is $1 - (1/2)^n$, where n is the number of identity strings • E.g. n = 5: the probability of catching a user is 0.97
Reusability • Once the coin has been spent, the merchant has to deposit it at the bank • Therefore, a coin can only be spent once • Why reusability matters: convenience, the ability to give change, and avoiding unnecessary transactions between bank and merchant • Bank's database size: fewer serial numbers • Solution: add the new user's ID to the coin
Setup • ID = HIREN • ID = AMIT • ID = KEVIN
Coins • User's coin • User ID pairs: (A, MIT), (AM, IT), (AMI, T)
Amit spends his coin at Hiren's shop • The coin will now look like this: User ID pairs (A, 0), (0, IT), (AMI, 0), (HI, REN), (HIR, EN), (H, IREN) • Amit no longer owns the coin; it is bound to Hiren
Hiren can now go and spend his coin at Kevin's shop • The coin looks like this: User ID pairs (A, 0), (0, IT), (AMI, 0), (HI, REN), (HIR, EN), (H, IREN)
Hiren can now go and spend his coin at Kevin's shop • The coin will now look like this: User ID pairs (A, 0), (0, IT), (AMI, 0), (0, REN), (0, EN), (H, 0), (KE, VIN), (K, EVIN), (KEV, IN)
Size Matters! • Coin m = (serial number, denomination, transaction list (number of transactions × user ID pairs), other header info) • Limit the size by a validity period and/or a maximum number of transactions
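The secret-split coin, the merchant's random blanking, the bank's double-spender detection and the reusable-coin transfer from the "Secret Splitting" through "Reusability" slides, as an added Python example (not code from the original slides). The coin dictionary layout, the 16-bit one-time pads, the optional fixed coin flips and None for a blanked half (the slides write 0) are assumptions made here.

```python
import secrets

BLANK = None  # the slides write a blanked half as 0; None avoids clashing with a real value

def split_identity(user_id, n_pairs):
    """Secret splitting: pair (R, user_id XOR R); either half alone says nothing about the ID."""
    pairs = []
    for _ in range(n_pairs):
        r = secrets.randbits(16)                      # one-time pad R for this pair (assumed width)
        pairs.append((r, user_id ^ r))
    return pairs

def make_coin(serial, amount, pairs):
    """Coin layout from the slides: header (serial, denomination) plus the identity-pair list."""
    return {"serial": serial, "amount": amount, "pairs": list(pairs)}

def spend(coin, flips=None):
    """Merchant's challenge: blank one side of every still-whole pair. `flips` fixes the
    coin tosses (0 = keep left, 1 = keep right) for reproducible tests; default is random."""
    flips = flips or [secrets.randbelow(2) for _ in coin["pairs"]]
    out = []
    for (left, right), f in zip(coin["pairs"], flips):
        if left is BLANK or right is BLANK:           # already blanked by an earlier holder
            out.append((left, right))
        else:
            out.append((BLANK, right) if f else (left, BLANK))
    return make_coin(coin["serial"], coin["amount"], out)

def find_double_spender(dep_a, dep_b):
    """Bank: two deposits carrying one serial number. Any pair blanked on opposite sides
    yields both halves, and XORing them recovers the user ID. None if no such pair exists."""
    if dep_a["serial"] != dep_b["serial"]:
        return None
    for (a0, a1), (b0, b1) in zip(dep_a["pairs"], dep_b["pairs"]):
        if a0 is not BLANK and b1 is not BLANK:
            return a0 ^ b1
        if b0 is not BLANK and a1 is not BLANK:
            return b0 ^ a1
    return None

def catch_probability(n_pairs):
    """Chance that at least one of n pairs was opened on opposite sides: 1 - (1/2)^n."""
    return 1 - 0.5 ** n_pairs

def transfer(coin, new_owner_id, n_pairs):
    """Reusable coin: the current holder's pairs are blanked exactly as in a spend, then the
    new holder's identity pairs are appended, so the coin is now bound to the new holder."""
    moved = spend(coin)
    moved["pairs"] += split_identity(new_owner_id, n_pairs)
    return moved
```

With a transferred coin, the earlier holder's pairs are identical in every later copy, so only the holder who actually double spends is ever identified.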
Other proposals • What if you want to buy something that costs £4.99 and you have a £5 coin? • Would have a 'file' for every coin (diagram: a coin broken down into smaller denominations of £4, £2 and £1)
Fair Blind Signatures • Possible solution to undetectable money laundering or ransom demands (diagram: Sender and Signer run the signing protocol; the Signer's view of the protocol is unlinkable to the resulting message-signature pair, except through a Judge)
Conclusion • Feasible from a purely technological perspective • Anonymity is at the heart of the government's attack • Cannot attract funding
Advantages: • Convenience • Secure • Handling costs • Time saving • Transaction Costs
Global Disadvantages • Safety issues • Physical security • User issues • Legal problems