Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.

Clemente-Cuervo et al.

A PDA Implementation of an Off-line e-Cash

Protocol


E-cash basic definitions


Features of the Standard Cash

• Banknotes:Provides anonymity

They are valid virtually everywhere

The legitimate owner is the one who carries them

Portability of great amounts of money is difficult/risky

All transactions must be performed personally


• Credit/Debit Cards:transactions of big quantities of money are possible

They are portable and secure →People trust them.

Electronic transactions are possible

They can be used for getting banknotes

A legitimate owner must authenticate him/herself

They do not provide anonymity

The Bank must authorize the transaction via electronic connection → on-line protocols are required

Credit/Debit Cards Features


Alternative: E-cash

• Goals– To substitute standard banknotes– To provide more flexibility than credit/debit

cards• Requirements

– anonymity – Non-traceable protocols – fairness– divisibility– transferability – Off-line protocols– accountability


E-cash: Previous Works (1/2)

• In 1982, David Chaum proposed a way to make electronic

payments anonymously, introducing the concept of e-

cash.

• However the main drawback of the e-cash concept is that

electronic money could be copied and reused (double

spending problem).

• In ‘88, Chaum, Fiat and Naor proposed an off-line protocol.

• In ’91, Okamoto and Otha proposed that an ideal e-cash

system should have the following properties:

independence, security, privacy, off-line payment,

transferability, divisibility.


E-cash: Previous Works (2/2)

• In 1993, S. Brands proposed a new protocol, whose security lies in the Schnorr digital signatures and prime finite field arithmetic.

• In 1996, Frankel, Tsiounnis and Yung [11], [12] proposed the concept of Fair Off-line e-Cash. There, an entity called the Authority was used to guarantee the anonymity of a purchaser as long as he/she makes legal transactions. If a purchaser tries to commit fraud, the Bank could request the tracing of a coin or the tracing of the owner of a coin.

• Many other systems have been proposed recently…


Comparison Table of e-cash Protocols


Protocol Description


E-cash Model


Model and Protocols

Our system consists of four entities, namely, • The Bank.• The Purchaser; • The Store;• The AuthorityAnd the scheme consists of five sub-protocols:1. Initialization Process2. Withdrawing protocol3. Payment/purchasing protocol4. Deposit/collection protocol5. Owner/coin tracing protocol


Initialization Process


Coin Generation

A coin is represented as a six-tuple:{A, B, z, a, b, r}, Where:• A, B contain user information (encrypted)• z, a, b contain coin information required •for verification (encrypted)•r Bank signature (under the Schnorr scheme)


Coin Signature


Design and Implementation


The Mobile e-cash system


Architectural Design


PDA Specification

Sharp Zaurus 5600

Operating System Linux

Processor Intel XScale @ 400MHz

Memory 128MB SDRAM;48MB ROM


Withdraw protocol using a key of 128 bits


Cryptographic Operations per Protocol

Protocol Crypto Operations Bandwidth

Withdrawal 15 exponentiations, 2 inverses

1.7KB

Payment 6 exponentiations, 1 inverse

2.5KB

Deposit None 1.9KB

Tracing 1 exponentiation, 1 inverse

657B


Conclusion

We present the implementation of a fair e-cash protocol

especially designed for mobile wireless environments,

with the following features:

• Our protocol attempts to offer a reasonable balance

between anonymity; and the possibility of revoking that

anonymity under special circumstances.

• For that, our system considers two protocols especially

designed for tracing purposes: a coin tracing and an

owner tracing protocol;

• Our system was written in Java and it was implemented

in a wireless environment with PDA mobile devices.

Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.

Documents

Transcript of Clemente-Cuervo et al. A PDA Implementation of an Off-line e-Cash Protocol.