Embed Size (px)
Citation preview
Class 12Anonymous Digital Currency
CIS 755: Advanced Computer SecuritySpring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff
• Exam I returned–Questions?
• Corrections to today’s paper:–Published table incorrect–Number of communication rounds typo–Corrected paper at:
http://people.cis.ksu.edu/~eyv/papers/ecash-icdcs07.pdf
What is eCash?
MerchanteWallet
Wallet
Exchanger
Exchanger
Properties of eCash
• Unforgeability
• Non-reusability
• Anonymity–Untraceability–Unlinkability
Comparisons
• eCash versus–Cash–Credit cards–Micropayments
• Motivations– Like cash, but digital!
Applications of eCash
• Online payment– Lower processing costs than credit cards
• Micropayments–Content–Advertising replacement–New business models
Challenges
• Double-spending
–What is it?
–Why is it a problem?
Double-spending
• Chaum, 1982–Centralized online agent
• Offline double-spending detection–Chaum – 1988• Revocable anonymity– Problem!
• Brands - 1993– Tamper-proof agent/device (online)
Problem Statement
• Design an eCash scheme that provides–Anonymity–Real-time double-spending protection–Decentralization–No trusted hardware–No client security deposit–Practical/deployable
Key Components
Broker
WitnessClient
Merchant
Witnesses
• Method to transform centralized entity into group of peers–Witnesses do online double-spending
detection
• Use merchants as witnesses–CCI assumption– Long-term presence assumption
• A coin is assigned uniquely to witness
Witnesses Challenges
• Who chooses witnesses?–Bank• Anonymity loss
–Client• Collaboration, load balancing/fairness
• Incentives
• Fairness
Withdrawal
Broker
Client
Hi
Withdrawal Key Points
• Witness selection based on h(bare coin) and witness list version/date
• Signature on witness assignment
• Broker does not know h(bare coin)!
Commit
Witness
Client
OK
OK
Payment
Client
Merchant
Witness
Payment Key Points
• “Bare coin”– Includes secret extractable information– Signed by broker
OK
Redeem
Broker
Merchant
Security Properties
• Provably untraceable and unlinkable
• Provably secure against forgery and re-use
Complexity Analysis
• Overhead– Should be dominated by network times
Exp Hash Sig Ver Comm
WithdrawalClient 12 4 0 1
2Broker 3 1 0 0
Payment
Client 0 3 0 1
3Witness 7 6 2 1
Merchant 7 6 0 3
DepositMerchant 0 0 0 0
1Broker 6 4 0 1
RenewalClient 12 5 0 1
2Broker 9 4 0 0
Implementation
• Proof of concept–Python 2.4–1200 lines of code in four modules
• Simplicity–REST (REpresentational State Transfer)
• Performance–Python crypto is less than stellar
Summary I
Broker
WitnessClient
Merchant
Summary II
• What stops collusion?
• What happens if compromised:–Broker?–Merchant?–Witness?–Client?
Expiration Dates
• Two expiration dates:–After (1), coin:• Can be renewed• Can not be spent• Can not be deposited
–After (2), coin is completely useless
• Prevents broker coin database from growing too big
Questions?
Reading discussion
![EYV @WWZTZR] ?Vhd]VeeVc `W EYV 6 XZ VVcZ X DefUV …ess.uvic.ca/documents/stream_a/fishwrap/2000-09//2000-10-10.pdf · So come on out, have fun, and give that beat-up, striped down,](https://img.pdfslide.us/doc/110x75/5b5c375c7f8b9ad2198bf1f6/eyv-wwztzr-vhdveevc-w-eyv-6-xz-vvcz-x-defuv-essuviccadocumentsstreamafishwrap2000-092000-10-10pdf.jpg)
![8RjU` C`RU m 3ZdY`ad :eTYZ Xe` m 4G%( #BH @WWVcd Z eYV ... · a`eV_eZR] W`c R_ R__ViV hYZ]V eYV WfceYVc U`fS]V SVUc``^ YRd R gZVh `W eYV UV]ZXYeWf] cVRc XRcUV_ R_U eYV eYZcU SVUc``^](https://img.pdfslide.us/doc/110x75/5e8c97c0d6261124834bb99f/8rju-cru-m-3zdyad-etyz-xe-m-4g-bh-wwvcd-z-eyv-aevezr-wc-r-rviv.jpg)
![6 ,(,!,&- ,%)*. )# )$&- #)*'!,&)(hRcUd eYV YVRU `W eYVdV ZTV WR]]d Zd _`c^R]]j decReZWZVU Rd dVV_ Z_ eYV UVVa TcVgRddVd Z^^VUZReV]j RS`gV eYV ZTV WR]]d( HYV YZXY gV]`TZej `W W]`h%,%***](https://img.pdfslide.us/doc/110x75/5be7cc5e09d3f27e3c8d10bc/6-hrcud-eyv-yvru-w-eyvdv-ztv-wrd-zd-crj.jpg)
![45G9E FHCC?K 5A8 DH5?=GK =FFH9F =A (9AGE5? 5A8 ......,2)0 %"-)% /0)3)170158.21 06:17.21 *97.3 ,7/.5 d`fcTVd Rd Zd eYV TRdV Z_ S`eY JfddZR R_U eYV M\cRZ_V W`c ViR^a]V) A_ eYV M\cRZ_V](https://img.pdfslide.us/doc/110x75/610f61f942575b15f41407f3/45g9e-fhcck-5a8-dh5gk-ffh9f-a-9age5-5a8-20-0317015821.jpg)
![7$ >65:2 D6CG6C - ReQuest Inc.request.com/documents/2016 ReQuest Product Portfolio.pdfdVcgVcd Z_e` R T`^aRTe a`hVcY`fdV HZeY eYV RSZ]Zej e` RUU f_]Z^ZeVU ?2D UVgZTVd eYV 7$ TR_ YR_U]V](https://img.pdfslide.us/doc/110x75/5edbae68ad6a402d6666059a/7-652-d6cg6c-request-inc-request-product-portfoliopdf-dvcgvcd-ze-r-tarte.jpg)
![Van Gogh I - jackooij.nl · Van Gogh I • • • • • • EYV Rce `W dV]]Z_X j`fc W]`cR 9VRU ^`Uf]V EYV Rce `W dV]]Z_X j`fc W]`cR DZUV ^`Uf]V "#! EYV Rce `W dV]]Z_X j`fc W]`cR](https://img.pdfslide.us/doc/110x75/5fa51cc280fc49674c731792/van-gogh-i-van-gogh-i-a-a-a-a-a-a-eyv-rce-w-dvzx-jfc-wcr-9vru.jpg)
