electronic cash
Skip this Video
Download Presentation
Electronic Cash

Loading in 2 Seconds...

play fullscreen
1 / 55

Electronic Cash - PowerPoint PPT Presentation

  • Uploaded on

Electronic Cash. Bahman Radjabalipour Ositadimma Maxwell Ejelike School of Computer Science University of Windsor April 2006. Contents. Introduction “What is money?” "Research on electronic payment model“ "A new electronic cash model”

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Electronic Cash' - daw

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
electronic cash

Electronic Cash

Bahman Radjabalipour

Ositadimma Maxwell Ejelike

School of Computer Science

University of Windsor

April 2006

  • Introduction
  • “What is money?”
  • "Research on electronic payment model“
  • "A new electronic cash model”
  • “PayCash: a secure efficient Internet payment system.”
  • Conclusion
paper 1
Paper 1


Ray Byler, Ph.D.

Assistant Professor of Computer Science

Lyon College

Batesville, Arkansas 72501

  • Most of the money that exists today doesn't exist as greenbacks, but as 1's and 0's in some computer.
  • Any monetary system, digital or otherwise, must be based on trust.
  • Reliability of that system
  • The belief that others will accept the system
areas of concern
Areas of Concern
  • Convertibility and Flexibility
    • connection to other monetary schemes
    • Converting electronic dollars to electronic coins
  • Privacy
    • Will government be able to track everything that users earn and spend
    • governments determine banking rules and regulations
  • Acceptability
  • Cost
background terms
Background Terms
  • Public-key Encryption
    • Diffie-Helman encryption
    • Messages encrypted with the public key can only be decrypted with the private key and vice-versa
  • RSA Encryption
    • Crated by Rivest, Shamir, and Adleman
    • less communications overhead
    • less secure
  • Digital Certificates
    • For verifying a public key
minting digital money important digital money schemes
Minting Digital MoneyImportant Digital Money Schemes
  • Ecash
  • Internet Keyed Payments Protocol (iKP)
  • Micro Payment Transfer Protocol (MPTP)
  • CyberCash
  • NetCheque
  • NetCash.
  • Creation of Dr. David Chaum
  • Diffie-Hellman public-private key
  • Proprietary rather than an open system
  • Did not have a payment limit to limit customer loss
  • Ecash had been used by Mark Twain Bank
ecash minting process
Ecash: Minting Process
  • Ecash coin begins life as a 100-digit random number chosen by a user software package
  • The user transmits this number to the bank/mint along with the denomination requested.
  • The bank/mint verifies that the number is not already in use,
  • Validates the number by encoding the number with the private key
  • Debits the user's account
  • Transmits the validated number back to the user, who records the coin on his hard disk.
ecash minting process cntd
Ecash: Minting Process (cntd)
  • Bank tracks the “serial number” of each coin that it issues to ensure that a coin is not used twice
  • Merchant must immediately check with the bank to verify the coins for each and every transaction
  • This is computationally expensive for buying something like a newspaper
  • Blind Signatures: a bank can verify that a coin is good, but cannot identify to whom it was issued.
ikp internet keyed payments protocol
iKP - Internet Keyed Payments Protocol
  • Proposed open standard by IBM
  • Securing electronic commercial transactions
  • Based on RSA public-key cryptography
  • Users with no prior relationship
  • iKP is designed to work with all Internet communications channels (e.g. http, shttp, email)
  • encryption is limited to sensitive data such as account numbers and PINs
  • The potential for credit card fraud is reduced by only transmitting account numbers between buyers and banks, sellers never see the account numbers
ikp weaknesses
iKP: weaknesses
  • Privacy: All payments can be traced
  • There is no support for small real-time payments
set secure electronic transaction
SET (Secure Electronic Transaction)
  • Based on iKP
  • developed by a consortium led by MasterCard and Visa
  • Primarily deals with credit card payments
  • Uses RSA for signatures
  • Private-key encryption: DES
micro payment transfer protocol mptp
Micro Payment Transfer Protocol (MPTP)
  • Closely linked to the proposed iKP standard
  • Is designed for payments that are too small to justify the overhead of iKP
  • MPTP processes can mostly be done off-line
  • Makes no distinction between merchant and customer
  • MPTP is based on Lamport's S/Key authentication mechanism (rfc1731)
  • Proprietary scheme
  • It is designed to work with credit cards, electronic checks, and electronic cash
  • It is presently implemented for credit cards
  • It is currently used by CyberCash Corporation, Xerox, Point Scandinavia AS, and the Bank of America, and is certified by most major credit cards.
netcheque and netcash
NetCheque and NetCash
  • invented by Clifford Neuman, Information Sciences Institute (ISI), University of Southern California (USC)
  • Based on the Kerberos security software system
  • Funded by ARPA (Advanced Research Projects Agency)
  • NetCheque software is free for personal, non-commercial or limited commercial use.
paper 2
Paper 2

Research on Electronic Payment Model

Bo Meng

Qianxing Xiong

College of Computer Science and Technology

Wuhan University of Technology


This paper introduces the 3e payment model.

The 3e payment model includes:

  • electronic credit card payment model
  • electronic cash payment model
  • electronic check payment model

Every electronic commerce system generally includes three parts:

  • data communication system: online procedure to establish business
  • logistics system: delivers products
  • electronic payment system.
jw janson and waidner model
JW (Janson and Waidner) Model
  • In JW model the electronic payment system is classified into:
    • cash-like payment system
    • cheque-like Payment System.
  • Both types of payment systems are direct payment systems, i.e., a payment requires an interaction between buyer and seller.
jw model cntd
JW Model (cntd)
  • There are also indirect payment systems where either buyer or seller initiates the payment without having the other party (seller or buyer, respectively) involved online.
na n asokan model
NA (N.Asokan) Model
  • In N.Asokan model two criterions are used to classify the electronic payment system
    • direct or indirect communication
    • The second criterion is the relationship between the time the payment initiator consider the payment as finished, and the time the value is actually taken from the payer.
  • N. Asokan model includes four payment models:
    • direct cash-like system
    • direct cheque-like system
    • indirect push system
    • indirect pull system.
3e payment model
3e Payment Model
  • Based on the previous two models
  • 3e model includes:
    • Electronic credit card payment model
    • Electronic cash Payment model
    • Electronic check Payment model
properties of online payment protocols
Properties Of Online Payment Protocols
  • Security:
    • message integrity
    • data confidentiality
  • Accountability
  • Atomicity:
    • money atomicity
    • goods atomicity
    • Certified delivery
  • Anonymity
  • Non-repudiation: provides proof of the integrity and origin of data
  • Fairness

A New Electronic Cash Model

Written By Xiaosong Hou, Chik How Tan

  • The paper presented a customer generated electronic cash model that offers unique trade-off between credit card and traditional off-line electronic cash systems
  • It addressed the problem of Online Transactions with Credit Cards as well as issues with current electronic payment systems
  • It applied the concept of Group Signatures, in the New Electronic Payment System.
group signature
Group Signature
  • Introduced by Chaum and Heijst in 1991
  • Type of Digital signatures that allows registered group member to produce a digital signature on a message
  • Consists of four procedures
    • Setup
    • Sign
    • Verify
    • Open
group signature contd
Group Signature Contd
  • Security Requirements for secured Group Signatures
    • Correctness
    • Anonymity
    • Unforgeability
    • Unlinkability
    • Exculpability
    • Traceability
the new electronic payment model
The New Electronic Payment Model.
  • Four Entities Involved
    • Bank,Group registration manager, maintains the accounts of all customers and registers new customers.
    • The clearing house, Group revocation

manager, clears the transactions between the shop and the customer.

    • The customer, group member, can make payment by signing the transaction message using his/her private membership key.
    • The shop can verify the signature using the group public key published by the bank
transactions in the new electronic payment model
Transactions in the New Electronic Payment Model
  • Account Opening Transaction.

Customer opens account in the bank and obtain a valid membership certificate and a secret

  • Payment Transaction.

Shop prepares payment message that contains transaction information, such as date, time, shop ID, currency and amount. Customer pays by signing the transaction message using his/her private membership key. The shop verifies the correctness of the customer’s payment signature, using the group public key published by the bank.

transactions in the new electronic payment model contd
Transactions in the New Electronic Payment Model Contd.
  • Deposit Transaction.

The shop deposits the collected payment messages to the clearing house. The clearing house, verifies the validity of the deposited payment transcripts, and sends the bank periodic summaries of settlement of funds. All transactions and settlement records are kept as evidence for audit and security purposes.

  • Tracing Transaction.

The bank knows the linkage between the account number and the customer identity, while the clearing house knows the linkage between the account number and the payment history, therefore, if and only if a Tracing Order (TO) is issued from the Judge, the clearing house can cooperate with the bank to achieve fair tracing.

building blocks
Building Blocks
  • It was derived from zero-knowledge proofs of a piece of information, and are denoted as ‘ZKP’ for short.
  • ZKP { (a) : y1 = ga1^ y2 = ga2}
proposed electronic system
Proposed Electronic System
  • Bank Parameters
    • The bank chooses two large random prime numbers p and q of the form p = 2p_+1 and q = 2q_+1 where p and q_ are prime numbers as well. The bank publishes n = pq and keeps p and q secret, then defines a subgroup of Z∗n and chooses two numbers z, h from this subgroup.
  • The Parameters of the Clearing House
    • The secret key of the clearing house is x and the public key of the clearing house is y = gx. Then a collision free hash function H is published
proposed electronic system contd
Proposed Electronic System Contd.
  • Opening AccountThe customer chooses two random prime numbers e and en, then he/she computes em = een and zm = zen. The bank computes u = zm 1/emand sends u to the customer, who checks that z = ue. The bank stores (u, em, zm) and the customer’s identity in the bank’s customer database.The customer keeps (u, e) as his/her membership key
  • Payment Protocols
    • The shop first generates a transaction message of payment for the customer to sign: m =H(ShopID,Date, Time, Amount,Currency).
    • The customer chooses an integer w and computes a =gw, b = uywand d = gehw.
    • Then the customer chooses r1, r2 and r3, and computes t1 = br1(1/y)r2 , t2 = ar1(1/g)r2, t3 =gr3 , t4 = gr1hr3 . After computation of c =H(g||h||y||z||a||b||d||t1///t2//t3//t4//m), the customer computes s1 = r1 − c(e − 2l1 ), s2 = r2 − cew, and s3 = r3 − cw.
proposed electronic system contd39
Proposed Electronic System Contd.
  • The signature of m is (c, s1, s2, s3, a, b, d).
  • The shop verifies the signature using the equation c =H(g||h||y||z||a||b||d||zcbs1−c2l1/ys2||as1−c2l1/gs2||acgs3||dcgs1−c2l1hs3||m).
  • The shop accepts the signature on the transaction message as a valid payment signature if the above stated equation holds
  • Deposit Protocol
    • The clearing house computes the identity code u = b/ax
proposed electronic system contd40
Proposed Electronic System Contd.
  • Deposit Protocol
    • The clearing house computes the identity code u = b/ax
security analysis
Security Analysis
  • Anonymity: loggaequals to logy(b/b´ )
  • Unforgeability: Only registered members signs signatures
  • Unlinkability: To find if two signed transaction messages (c, s1, s2, s3, a, b, d) and (c´, s1´, s2´, s3´, a´, b´, d´ ) are from the same customer will be

logy(a/a´ )= logy(b/b´ )= logy(d/d´ )

  • Non-framing: Since it is hard to compute the discrete logarithm of z to the base u, which known by customer, bank, clearing house and some customers cannot collude to sign name of non-involved customer
paper 4
Paper 4

PayCash: A Secure Efficient Internet Payment System

Written By Jon M. Peha and Ildar M. Khamitov

  • The paper describes PayCash, an Internet payment system that was designed to offer strong security and privacy protection.
  • This system creates verifiable records of all transactions that cannot be forged or undetectably altered by the party sending funds, the party receiving funds, or even by the operator of the payment system.
  • Flexible enough to accommodate privacy and security laws that differ from nation to nation.
  • It can be use by business-to-consumer, peer-to-peer funds transfers among consumers and among Businesses, and transfers from one agent of a licensed international funds transfer company to another.
status quo
  • Most Online transactions are done with Credit Cards
  • Credit card Frauds
  • Privacy is compromised with spam emails and telemarketing calls
  • Cost of transferring a payment can exceed the cost of the product itself.
design goals of effective payment system
  • Tamper-proof records:
  • Privacy Protection:
  • Flexible anonymity policies:
  • Protection from password guessing
  • Protection from outside observers:


  • Support for disconnected users:
  • Wide range of payments:
  • Multiple currencies:
  • Scalability
the suitability of chaum s electronic coins47
  • Digital strings that can be transferred anonymously from person to person just like cash.
  • a coin with serial number X is defined by{ X, g-1(f(X)) }, where f(.) and g(.) are functions that are easy to calculate and hard to invert.
  • Only payment system’s agent (which we call the Payment Authorizer) can “mint” a coin because only this agent can apply the function g-1(.)
  • The agent must mint the coin with serial number X without learning X or f(X).
limitation of chaum s coin
  • A serious limitation of this scheme is the absence of tamper-proof transaction records.
  • Supporting a wide range of payments is also problematic.
  • List of all spent coins must be maintained, and frequently searched.
paycash approach
  • Producing Tamper-Proof Records
    • All transaction records are digitally signed, and integrated into the payment system itself to create tamperproof records
  • Customer generates a pair of public and private keys, P and S for this signature.
  • Coin is { P, g-1(f(P)) }.P is both serial number and public key. To transfer one coin, the user sends {record, Sign(S,record), P, g-1(f(P)) }.
    • Record is a description of the transaction, including recipient of the funds, timestamp, and any other information, or at least a hash of the function
condition for valid payment
  • Payment has not already been made with serial number C.
  • The coin has been properly minted with the g(.) function i.e. f(C)=g(D),
  • The digital signature is correct, i.e. Verify(C, B) = A,
  • The recipient of the funds transfer corresponds with the one listed in record A.
protocol for contract
Protocol for Contract
  • Consumer sends information to merchant to be placed

in contract

  • Merchant composes contract, digitally signs it, sends result back to consumer.
  • Consumer includes a hash of the signed contract in record, constructs payment as described above, and sends it to merchant.
  • Merchant sends message to the Payment Authorizer to make sure the payment is valid.
  • Payment authorizer checks the signature, makes sure that the serial number has not been spent already, updates records, and informs the merchant that the payment succeeded.
  • The merchant informs the consumer that the payment succeeded.
making payments of different amounts
Making Payments of Different Amounts
  • For each serial number P, the payment system agent keeps track of the total amount of money m(P) that has been spent so far.
  • For K coins and value c, N ≥ k + m(P)/c.
  • The same serial number can be minted multiple times with g-1(.)
  • Define a Paybook(N,P), of N coins with serial number P as Paybook(N,P), = {N, P, g-N(f(P)) }
    • Where N is non-negative integer,g-0=x, and


multi coin payment
  • Set:{record, Sign(S,record), PayBook(n,P) } ={record, Sign(S,record), n, P, g-n(f(P)) }
    • Transaction records include amount q
  • A payment {record, sign, n, P, Y} of amount q is valid if the following conditions are met.
  • The Payment Authorizer verifies that the paybook is valid, i.e. f(P) = gn(Y). If this condition is not met, or if the paybook is empty (n=0), then the payment is rejected.
  • The payment Authorizer verifies that the digital signature is correct, i.e. Verify(P, sign) = record. If not,the payment is rejected.
  • The Payment Authorizer checks its table to determine the amount of money m(P) associated with this paybook that has already been spent. If no paybook has been seen before with serial number P, then a new one is created with m(P)=0.
  • If there are insufficient funds, i.e. nc < q+m(P), then the payment is rejected. Otherwise, the payment is authorized, and m(P) is increased by q.
  • Security: Any successful digital money system will probably have to rely on public-key cryptography
  • Disadvantages of most electronic cash systems:
    • Lack of insurance
    • Overhead costs
    • Database size

[1] Xiaosong Hou; Chik How Tan, "A new electronic cash model," Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on , vol.1, no.pp. 374- 379 Vol. 1, 4-6 April 2005

[2] Bo Meng; Qianxing Xiong, "Research on electronic payment model," Computer Supported Cooperative Work in Design, 2004. Proceedings. The 8th International Conference on , vol.1, no.pp. 597- 602 Vol.1, 26-28 May 2004

[3] Byler, R. What is money?. In Proceedings of the 2nd Annual Conference on Mid-South College Computing (Little Rock, Arkansas, April 02 - 03, 2004). ACM International Conference Proceeding Series, vol. 61. Mid- South College Computing Conference, Little Rock, Arkansas, 200-209. 2004.

[4] Peha, J. M. and Khamitov, I. M. PayCash: a secure efficient Internet payment system. In Proceedings of the 5th international Conference on Electronic Commerce (Pittsburgh, Pennsylvania, September 30 - October 03, 2003). ICEC '03, vol. 50. ACM Press, New York, NY, 125-130. 2003.