Electronic cash protocols

Security in Computing (3rd Edition)

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 20 In this lecture we will explore some issues in implementing a digital form of cash - ecash. We normally think of cash as paper money or coins issued by the treasury or a central bank. Can the assurances normally assumed for cash be made to carry over to the digital domain in the form of a sequence of bits? To explore some of the issues that arise in this context, let us consider a protocol involving three players: the customer, the merchant and the bank. The outline of the protocol we would like to implement is as follows: The customer, Alice, interacts with the bank to withdraw some cash. She then interacts with the merchant, exchanging the cash for some goods. The merchant, Bob, then interacts with the bank to deposit the cash in his account. A Frst attempt at implementing this protocol might look like this: 1. The bank sends Alice a digital $1 bill. This might be a message signed with the bank’s RSA private key saying ”serial number x. This is a $1 bill.” 2. Alice sends the cash to Bob in exchange for goods. 3. Bob later deposits the cash into his account at the bank. There are several problems with this protocol. • It is not anonymous. The bank gets to keep a record of all of Alice’s spending. • Double spending. Since the cash is digital in nature, Alice can easily duplicate it and spend the same $1 bill again with another merchant, Carol. Blind Signatures: One of the key building blocks to achieve anonymity is a blind signature. Recall that RSA signatures require the signer to compute m d mod N , where ( d , N ) is the private key and ( e , N ) is the public key. A blind RSA signature is carried out as follows: • Alice sends Bob s = ( r e m ) mod N where r is a random number mod N . • Bob computes
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 01/29/2008 for the course CS 194 taught by Professor Joseph during the Fall '05 term at University of California, Berkeley.

Page1 / 3

Electronic cash protocols - CS 161 Fall 2005...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online