trustee tokens
DESCRIPTION
Trustee Tokens. Simple and Practical Anonymous Digital Coin Tracing. Ari Juels RSA Laboratories. Quick Review of Chaumian E-cash (DigiCash TM ). Signs. BANK. Alice. PK. SK. Alice -$1. Anonymous digital $1 coin. r 3 f(x). 3. Signs. BANK. rf 1/3 (x). = (x, Sig(x)) =. r 3 f(x). - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/1.jpg)
Trustee TokensSimple and Practical Anonymous Digital Coin
Tracing
Ari Juels RSA Laboratories
![Page 2: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/2.jpg)
Quick Review of Chaumian E-cash
(DigiCashTM)
![Page 3: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/3.jpg)
BANK Alice
SKPK
Signs
Alice -$1
Anonymous digital $1 coin
![Page 4: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/4.jpg)
BANK Alice
r, x r3f(x)
r3f(x)rf1/3(x)rf1/3(x)
rf1/3(x)
SKPK
(x, f1/3(x))
Signs 3
= (x, Sig(x)) =
mod n
![Page 5: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/5.jpg)
An Application for Anonymous E-Cash
An Application for Anonymous E-Cash
Improved Computer Viruses(Young and Yung)
![Page 6: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/6.jpg)
Improved Computer Virus
Edgar
r3f(x)
Generates unsigned, blinded coin
Generates encryption key pair
![Page 7: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/7.jpg)
Improved Computer Virus
r3f(x)
PK
![Page 8: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/8.jpg)
Alice
![Page 9: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/9.jpg)
Hard Disk
![Page 10: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/10.jpg)
Files
PK
*&DUHF(&$YY$H&*^$RH(*&UH*&(#*R&(*&(*$&(*$&(*U(*F&(*&**&HKJF(*$YHF(*H$(*^FH*($HF&J(*F&$(*HS(*&$JF*($&SH$*&F$*(&$*(F&(*$F$(*F&S(*&*F(&*E$$)*F&(*$&*$&F(*$&F(*$&(*&(#(*$
Encrypted under PK
![Page 11: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/11.jpg)
If you Want SK, i.e.,
your files, withddraw this
Ransom Note
![Page 12: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/12.jpg)
BANK Alice
Oh, my files!
Alice -$1
![Page 13: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/13.jpg)
HETTINGA SUCCEEDS GREENSPAN AT FED
![Page 14: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/14.jpg)
Anonymous coin
Edgar
![Page 15: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/15.jpg)
How can we prevent this?Answer: Trustee-basedTracing
![Page 16: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/16.jpg)
The Idea: Trustee Tracing
Anonymous coin
![Page 17: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/17.jpg)
Tracing: Basic Idea
Anonymous coin
Judge Trustee
I order the Trustee to trace this coin.
Trustee SecretSK
Edgar
![Page 18: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/18.jpg)
Coin is anonymous unlesstrustee traces it
![Page 19: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/19.jpg)
Many Trustee-based Tracing Schemes
Brickell et al. ( ‘95) Stadler et al. (‘95) Jakobsson and Yung (‘96, ‘97) Camenisch et al., Frankel et al. (‘96) Davida et al. (‘97)
![Page 20: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/20.jpg)
Trend in schemes
SecurityFeatures
SimplicityTrusteeFlexibility
ComputationalEfficiency
Our Scheme
![Page 21: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/21.jpg)
How our scheme works
![Page 22: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/22.jpg)
Two stages
Alice Trustee
1.Token withdrawal
Alice
2.Coin withdrawal
BANK
![Page 23: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/23.jpg)
Token withdrawal
AliceTrustee
Checks thatcoin contains[“Alice”]PK
TrusteeToken
Proves identity
![Page 24: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/24.jpg)
Trustee Token
AliceTrustee
Checks thatx contains[“Alice”]PK
TrusteeToken
r, x
SigSK(r3f(x))
Proves identity
![Page 25: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/25.jpg)
BANK Alice
SK
Coin withdrawal
Checks Signs ,
Conditionally anonymous digital coin
![Page 26: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/26.jpg)
Observe: No change in coinstructure or underlying
withdrawal protocol
![Page 27: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/27.jpg)
Tracing
Trustee Token scheme guarantees that coins contain creator identity
![Page 28: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/28.jpg)
Blackmail scenario
Edgar registers his coin and gets caught or
Alice can’t make the withdrawal for Edgar
![Page 29: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/29.jpg)
Enhancements
![Page 30: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/30.jpg)
No coin storage
Alice can pseudo-randomly generate coins and blinding factors -- no coin storage
![Page 31: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/31.jpg)
Bulk token withdrawal
Alice can withdraw many tokens at once and store prior to coin withdrawals
![Page 32: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/32.jpg)
One token - multiple coins
![Page 33: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/33.jpg)
Result of Enhancements
Little interaction with Trustee
Tokens fit on, e.g., smart card
![Page 34: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/34.jpg)
Pros and Cons
![Page 35: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/35.jpg)
Advantages over other schemes
Very simple Provably secure No change in coin structure, underlying
protocol Seamless incorporation with
DigiCashTM
![Page 36: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/36.jpg)
Disadvantages
Trustee interaction needed Security with multiple trustees needs
trusted dealer Seamless incorporation with
DigiCashTM - but no DigiCashTM
![Page 37: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/37.jpg)
But...
Can be used for general blind RSA – E.g., X-cash
Method can perhaps be extended to other e-cash systems (?)
![Page 38: Trustee Tokens](https://reader035.vdocuments.us/reader035/viewer/2022062222/56814ea8550346895dbc54a4/html5/thumbnails/38.jpg)
Questions?