Скачать презентацию Practical E-Payment Scheme Author Mohammad Al-Fayoumi Sattar Aboud Скачать презентацию Practical E-Payment Scheme Author Mohammad Al-Fayoumi Sattar Aboud

2729230b023ddfc2b164a5f58a0f2bac.ppt

  • Количество слайдов: 10

Practical E-Payment Scheme Author: Mohammad Al-Fayoumi, Sattar Aboud, and Mustafa Al-Fayoumi. Source: International Journal Practical E-Payment Scheme Author: Mohammad Al-Fayoumi, Sattar Aboud, and Mustafa Al-Fayoumi. Source: International Journal of Computer Science Issues, 2010, Vol. 7, No. 3, pp. 18 -23. Presenter: Tsuei-Hung Sun (孫翠鴻) Date: 2010/12/17

Outline èIntroduction èMotivation èScheme èSecurity Analysis èPerformance Evaluation èAdvantage vs. Weakness èComment 2 Outline èIntroduction èMotivation èScheme èSecurity Analysis èPerformance Evaluation èAdvantage vs. Weakness èComment 2

R. Rivest, A. Shamir, 1996, “Pay. Word and Micro. Mint: two simple micropayment schemes, R. Rivest, A. Shamir, 1996, “Pay. Word and Micro. Mint: two simple micropayment schemes, ” Proceedings of the International Workshop on Security Protocols, LNCS Vol. 1189, pp. 69 -87. Introduction èPay. Word Protocol êCredit-base êOff-line scheme êUsing RSA public key cryptography and hash chain. êDecreasing the number of on-line connections between Bank and Merchant. 3

Pay. Word Protocol Customer (PKU, PVU) Generates hash chain = (w 0, w 1, Pay. Word Protocol Customer (PKU, PVU) Generates hash chain = (w 0, w 1, …, wn) wi = h(wi+1), i = n-1, n-2, …, 0 MU = (IDM, CU, w 0, EC, IM)PVU CU = (IDB, IDU, AU, PKU, EU, IU)PVB P = (wi, i) Bank (PKB, PVB) MU, P = (wi, i) Merchant CU: Customer‘s certificate published by the Bank. IDB: Bank’s ID. IDU: Customer’s ID. AU: Customer’s delivery address. EU: Expiration date. IU: Other information about Customer. MU: Customer’s commitment for Merchant. IDM: Merchant identity. W 0: Root of payword chain. EC: Present date. IM: Merchant’s information. 4

Motivation èEach payword chain is spent only to a specific Merchant. èCustomer need to Motivation èEach payword chain is spent only to a specific Merchant. èCustomer need to generate hash chain as many as the number of merchants he want to trade with. èNot providing anonymity for Customer. èProposing a new blind signature scheme using discrete logarithm problem. 5

Scheme Bank Customer Select 1. prime integer p and generator g 2. private key Scheme Bank Customer Select 1. prime integer p and generator g 2. private key d, 1 < d < p-2 Compute y = gd mod p Publish (y, g, p) and keep d in secret. 3. random integer z < p-2 z Find a Select random integer v and u. e, f Pick a random integer c. Find a-1, j Verify e: represents an upper limit of cash that the user can use. Signature (e, w, x) 6

Security Analysis è Forgery Detection êIt is almost unfeasible to forge Customer’s payment without Security Analysis è Forgery Detection êIt is almost unfeasible to forge Customer’s payment without knowing Bank’s private key d. êIt is computationally intractable to obtain Bank’s private key without solving the discrete logarithm problem. è Short public key attack êEvery signature is being randomized by certain random numbers. 7

Performance Evaluation Table 1: Computations of efficacy in blinding scheme Protocol Name Blinding Scheme Performance Evaluation Table 1: Computations of efficacy in blinding scheme Protocol Name Blinding Scheme The pay-word protocol 5 Th + 9 Ta + 5 Tm Proposed protocol 4 Th + 8 Ta + 4 Tm Th: Calculation time for hash function operation Ta: Calculation time for addition in modular multiplication Tm: Calculation time for multiplication modular exponentiation 8

Advantage vs. Weakness èAdvantage êMore efficient than the payword protocol. êIt is fast to Advantage vs. Weakness èAdvantage êMore efficient than the payword protocol. êIt is fast to verify the signature. êGuarantee the payment is untraceable. èWeakness êUsing discrete logarithm is still takes more computing time. êMore complex than the payword protocol. 9

Comment è The payword chain is generated by Customer. è The cash can be Comment è The payword chain is generated by Customer. è The cash can be verified with both Bank’s and Customer’s information. è The scheme only reduce a little computing time but it bring more parameters and step than the payword protocol. è The offline payword protocol bring fewer cost then online one. 10