This preview shows page 1. Sign up to view the full content.
Unformatted text preview: bank wants to see. Then, she splits it into two pieces using the secret splitting protocol (see Section 3.6). Then, she commits to each piece using a bitcommitment protocol. For example, I37 consists of two parts: I37L and I37R. Each part is a bitcommitted packet that Alice can be asked to open and whose proper opening can be instantly verified. Any pair (e.g., I37L and I37R, but not I37L and I38R), reveals Alice’s identity. Each of the money orders looks like this: Amount Uniqueness String: X Identity Strings: I1 = (I1L,I1R) I2 = (I2L,I2R) .... In = (InL, InR) (2) Alice blinds all n money orders, using a blind signature protocol. She gives them all to the bank. (3) The bank asks Alice to unblind n  1 of the money orders at random and confirms that they are all well formed. The bank checks the amount, the uniqueness string, and asks Alice to reveal all of the identity strings. (4) If the bank is satisfied that Alice did not make any attempts to cheat, it signs the one remaining blinded money order. The bank hands the blinded money order back to Alice and deducts the amount from her account. (5) Alice unblinds the money order and spends it with a merchant. (6) The merchant verifies the bank’s signature to make sure the money order is legitimate. (7) The merchant asks Alice to randomly reveal either the left half or the right half of each identity string on the money order. In effect, the merchant gives Alice a random n bit selector string, b1, b2,..., bn. Alice opens either the left or right half of Ii, depending on whether bi is a 0 or a 1. (8) Alice complies. (9) The merchant takes the money order to the bank. (10) The bank verifies the signature and checks its database to make sure a money order with the same uniqueness string has not been previously deposited. If it hasn’t, the bank credits the amount to the merchant’s account. The bank records the uniqueness string and all of the identity information in a database. (11) If the uniqueness string is in the database, the bank refuses to accept the money order. Then, it compares the identity string...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details