Digital CashDigital Cash

By By

Gaurav ShettyGaurav Shetty

AgendaAgenda

Introduction.Introduction. Working.Working. Desired Properties.Desired Properties. Protocols for Digital Cash.Protocols for Digital Cash. Online modelOnline model Offline ModelOffline Model Security considerations.Security considerations.

IntroductionIntroduction

What is digital cash?What is digital cash? It is defined on the web as “digital cash It is defined on the web as “digital cash

is a digitally signed payment message is a digitally signed payment message that serves as a medium of exchange”that serves as a medium of exchange”

It is money represented as a binary It is money represented as a binary form of computer data.form of computer data.

Generally needs to be backed up by a Generally needs to be backed up by a trusted third party.trusted third party.

How does it work?How does it work?

Consider the following scenario.Consider the following scenario. Customer has an account in a bank.Customer has an account in a bank. Customer sends an encrypted mail to Customer sends an encrypted mail to

the bank requesting for money.the bank requesting for money. Bank has to authenticate the message Bank has to authenticate the message

and then debits the customers account.and then debits the customers account. It sends the customer the money which It sends the customer the money which

is an encrypted file containing a huge is an encrypted file containing a huge random number.random number.

How does it work? (Cont)How does it work? (Cont)

Customer can make purchases by Customer can make purchases by giving this file to the person or giving this file to the person or merchant that he is buying from.merchant that he is buying from.

The merchant then sends this file back The merchant then sends this file back to the bank which will credit his to the bank which will credit his account after verifying the file.account after verifying the file.

Desired Properties Desired Properties

Security.Security. Privacy.Privacy. Portability.Portability. Transferability.Transferability. Divisibility.Divisibility. Convenient to use.Convenient to use.

Digital Cash-ProtocolsDigital Cash-Protocols

There are 2 typesThere are 2 types Identified Digital Cash Protocol.Identified Digital Cash Protocol. Anonymous Electronic Money Protocol.Anonymous Electronic Money Protocol.

Identified Digital Cash Identified Digital Cash ProtocolProtocol

The steps involved in this protocol are The steps involved in this protocol are as follows.as follows. Customer sends digital money request to Customer sends digital money request to

the bank.the bank. Bank verifies the request and sends a Bank verifies the request and sends a

serial no along with the digital money.serial no along with the digital money. Customer purchases something and gives Customer purchases something and gives

the digital money to the merchant.the digital money to the merchant. Merchant sends the money to the bank and Merchant sends the money to the bank and

encashes it.encashes it.

Anonymous Electronic Anonymous Electronic Money ProtocolMoney Protocol

Here transaction is not traced back to the Here transaction is not traced back to the customer.customer.

The steps involved are as follows.The steps involved are as follows. Customer prepares m bank notes.Customer prepares m bank notes. Puts them in different envelopes with carbon Puts them in different envelopes with carbon

paper and seals them.paper and seals them. Bank opens m-1 envelops.Bank opens m-1 envelops. If all the notes have the same amount, then If all the notes have the same amount, then

bank signs the blind note and send it back to bank signs the blind note and send it back to the customer.the customer.

AEM Protocol (Cont)AEM Protocol (Cont)

Customer opens the envelope and uses Customer opens the envelope and uses the bank note to make a purchase.the bank note to make a purchase.

The seller checks the signature and The seller checks the signature and verifies the random number with the verifies the random number with the bank.bank.

If the random number is unique and If the random number is unique and then the seller accepts it.then the seller accepts it.

AEM Protocol (Cont)AEM Protocol (Cont)

Here the privacy of the customer is Here the privacy of the customer is protected as the bank does not know protected as the bank does not know the serial no of the bank note. the serial no of the bank note.

Security is an issue-double spending Security is an issue-double spending problem.problem.

Can be taken care of my storing the Can be taken care of my storing the serial no of bank notes in a DB.serial no of bank notes in a DB.

2 protocols can be derived from this.2 protocols can be derived from this. Online model.Online model. Offline model.Offline model.

Online Model.Online Model.

Bank is actively involved in the deal Bank is actively involved in the deal between customer and vendor.between customer and vendor.

Anonymous and untraceable cash Anonymous and untraceable cash provided.provided.

It has to maintain a database of It has to maintain a database of serial numbers.serial numbers.

Cannot reuse the serial numbers.Cannot reuse the serial numbers. Cheaper to implement.Cheaper to implement.

Offline modelOffline model Notes contain identity bit strings which Notes contain identity bit strings which

contain identifying information of customer.contain identifying information of customer. Information is split.Information is split. Same procedure as the AEM protocol is Same procedure as the AEM protocol is

followed and bank signs one of m bank notes followed and bank signs one of m bank notes and sends it back to the customer.and sends it back to the customer.

Identity string is also revealed to the bank.Identity string is also revealed to the bank. Customer spend the note. Vendor verifies Customer spend the note. Vendor verifies

the signature. Then asks customer to reveal the signature. Then asks customer to reveal one half of the identity string.one half of the identity string.

Offline modelOffline model

Vendor sends the note to the bank. Vendor sends the note to the bank. If there is a replication bank If there is a replication bank

compares the identity string with the compares the identity string with the one in the DB.one in the DB.

If it is the same-vendor trying to If it is the same-vendor trying to cheat.cheat.

If it is different-customer trying to If it is different-customer trying to cheat.cheat.

Offline model – E.G.Offline model – E.G.

To detect duplicate spending (Ref- [1]).To detect duplicate spending (Ref- [1]). Say User ID = 2510, Pad R =1500Say User ID = 2510, Pad R =1500 2510XOR1500 = 3090.2510XOR1500 = 3090. Identity string is a pair 1500 and Identity string is a pair 1500 and

3090(XOR to get User ID).3090(XOR to get User ID). Say user has 3 bank notes. Say user has 3 bank notes.

1500 XOR 3090 = 2510 (User ID)1500 XOR 3090 = 2510 (User ID) 4545 XOR 6159 = 2510 (User ID)4545 XOR 6159 = 2510 (User ID) 5878 XOR 7991 = 2510 (User ID)5878 XOR 7991 = 2510 (User ID)

Offline model – E.G. Offline model – E.G. (Cont)(Cont)

Say customer makes a copy of the notes Say customer makes a copy of the notes and spends the money. and spends the money.

Say user randomly provides one half of the Say user randomly provides one half of the string to the merchant every time he string to the merchant every time he spends the note.spends the note.

Merchant 1 Merchant 2Merchant 1 Merchant 2 0 3090 1500 00 3090 1500 0 4545 0 4545 04545 0 4545 0 5878 0 0 79925878 0 0 7992

Say the merchants now deposit this money in Say the merchants now deposit this money in the bank.the bank.

Offline model – E.G. Offline model – E.G. (Cont)(Cont)

Bank can detect fraud as follows.Bank can detect fraud as follows.Original note Duplicate NoteOriginal note Duplicate NoteUser ID User IDUser ID User ID 0 3090 1500 0 0 3090 1500 0 4545 0 4545 0 4545 0 4545 0 5878 0 0 7992 5878 0 0 7992 3090 XOR 1500 = 2510 (User ID revealed)3090 XOR 1500 = 2510 (User ID revealed) 5878 XOR 7992 = 2510 (User ID revealed)5878 XOR 7992 = 2510 (User ID revealed)Probability of catching the user is 1-(1/2)^n Probability of catching the user is 1-(1/2)^n

where n is number of identity strings.where n is number of identity strings.

Security ConsiderationsSecurity Considerations

Public Key cryptography-Uses Public Public Key cryptography-Uses Public and private keys. and private keys.

Use of Symmetric Key cryptography-Use of Symmetric Key cryptography-Uses a single key known to both Uses a single key known to both parties.parties.

Relationship between withdrawal, Relationship between withdrawal, payment and deposit.payment and deposit.

Authentication, Authorization and non-Authentication, Authorization and non-repudiation techniques.repudiation techniques.

Double spending method and framing.Double spending method and framing.

Security Considerations Security Considerations (Cont)(Cont)

Unlinkability and untraceability.Unlinkability and untraceability. Divisibility, transferability and Divisibility, transferability and

scalability.scalability. Acceptability and relilability.Acceptability and relilability.

DEMODEMO

JCASH and JBANKJCASH and JBANK JCASH is a program that works as an e JCASH is a program that works as an e

purse and works simultaneously as a purse and works simultaneously as a seller and buyer.seller and buyer.

JBANK is another program that acts like JBANK is another program that acts like a bank for JCASH e-purses.a bank for JCASH e-purses.

Program is an exe.Program is an exe.

DEMO (Cont)-JBANKDEMO (Cont)-JBANKUSER INTERFACE

Accounts has account number, current amt and name of owner.

Reports contain imp info during transactions

Functionalities accessed via file menu

DEMO (Cont)-JCASHDEMO (Cont)-JCASHOn launching the program

JCASH interface

ID Tab lets you choose the identity you want to transmit to the buyer.

Bank Tab is used to make a connection to the bank, in order to buy or deposit notes, or to check current available amt

DEMO (Cont)- JCASHDEMO (Cont)- JCASH

Connect to bank

Client get a report on completion of the transaction.

DEMO (Cont)- JCASHDEMO (Cont)- JCASH

Purse Tab- shows all the notes that are in the e-purse. Left click to select and right click to unselect a note.

After selecting the notes in the purse tab, the user can use the pay tab to pay the seller.

DEMO (Cont)- JCASHDEMO (Cont)- JCASH

Entering a new contact

Confirmation

DEMO (Cont)- JCASHDEMO (Cont)- JCASH

Receive tab must be active in order to cash a payment. Click Open connection or directly on the lights to start the server. All incoming information is written to the Report box.

Demo (Cont)Demo (Cont)

Bank generates new pairs of keys and writes to a file called PubKey.txt

Alice generates several notes using public key of ht bank and puts it in diff envelops.

Bank records the envelopes and chooses randomly a number to designate which envelop she is going to sign.

Alice reveals all the information used to bind the notes except for one chosen by the bank

Bank check to see that the information is correct and signs the chosen envelop

MORE EXAMPLES

Alice uses its binding factor in order to unbind all the envelops and obtain the signed note. Gives note to Bob.Bob records the note and generates the challenge.

Alice reveals RIS (Random Identity String). Bob checks this information and accepts the note. Deposits it in the bank. Bank verifies the note and if the note has be deposited earlier.

ReferencesReferences

http://www.cs.bham.ac.uk/~mdr/teachhttp://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS4/ing/modules03/security/students/SS4/DigitalCash.ppt#330DigitalCash.ppt#330 [1] [1]

http://www.it.kth.se/courses/2G1704/rhttp://www.it.kth.se/courses/2G1704/reports/ecash.pdfeports/ecash.pdf [2] [2]

http://www.aci.net/kalliste/digiprin.hthttp://www.aci.net/kalliste/digiprin.htmm [3] [3]

http://www.sitepoint.com/article/onlinhttp://www.sitepoint.com/article/online-payment-acceptance-4/2e-payment-acceptance-4/2 [4] [4]

http://www.aci.net/kalliste/dcguide.hthttp://www.aci.net/kalliste/dcguide.htmm [5] [5]