Secure and Efficient off-Line Digital Money
Author: babefish • March 14, 2015 • Term Paper • 1,159 Words (5 Pages) • 795 Views
1: off-line
Outline: 1: Off-line system; the bank is not involved in payment processes. No need for a database.
The major concerns are double-spending and the customer's privacy. There is a trade-off between double-spending detection and untraceability.
2: Two important ideas and three phases; it is called off-line because no bank takes part in the purchase phase.
\cite{CF88} Chaum, Fiat and Naor. The first offline
A: one-show blind signature, B: traceability of double-spending
C: the identity of the account holder is encoded into the withdrawn information, whereas this information is not known to the bank by virtue of the blind signature property
Secure and efficient off-line digital money (Matthew Franklin)(+++)
(good analysis of past work)
The authors propose an off-line digital money scheme with "oblivious authentication". It lets an authorizing agency issue a digital passport with an embedded secret, together with a "witness" of the embedded secret.
In the paper, a secret is hidden as bits of the discrete logs of a number of values. It is concealed unless a witness is known, while still allowing the extraction of verifiable hints (any two of which reveal a witness). A hint of the witness is a set of points on lines whose slopes are these discrete logs. The authors implement oblivious authentication based on any one-way function together with a pre-processing stage independent of the withdrawal, purchase and deposit protocols. The communication complexity of the scheme is O(K^2*s) bits, where K is a security parameter and s is the size of a signed bit; O(K^2) encryption operations are performed.
Hide the secret:
Chaum, Fiat and Naor hide the secret in a collection of nested one-way functions that each hide a pair of XOR shares of the secret.
withdrawal phase: the bank issues a passport (with embedded identity in a complexity theoretic sense) and a witness to the customer. To make a purchase, the customer gives the passport and a unique hint (extracted from the witness) to the vendor. To deposit, the vendor forwards the passport and the hint to the bank.
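The "any two hints reveal a witness" idea and the purchase/deposit flow above, reduced to a single line in a toy group, as an added example (not code from the paper or from these notes). The group parameters and function names are assumptions, and the bank's signature and the oblivious-authentication step are left out; the paper hides the secret across many lines, this sketch uses one.

```python
import secrets

# Toy Schnorr group, constructed for illustration and far too small for real use:
# P = 2*Q + 1 with P, Q prime; G = 4 generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4

def issue_coin(identity):
    """Withdrawal (simplified): the identity becomes the slope of a secret line."""
    slope = identity % Q
    intercept = secrets.randbelow(Q)      # fresh per coin, masks the slope
    passport = (pow(G, slope, P), pow(G, intercept, P))  # commitments only
    witness = (slope, intercept)          # stays with the customer
    return passport, witness

def make_hint(witness, challenge):
    """Purchase: the customer reveals one point on y = slope*x + intercept (mod Q)."""
    slope, intercept = witness
    x = challenge % Q
    return x, (slope * x + intercept) % Q

def verify_hint(passport, hint):
    """Vendor: check the point against the commitments; the slope stays hidden."""
    (a_commit, b_commit), (x, y) = passport, hint
    return pow(G, y, P) == (pow(a_commit, x, P) * b_commit) % P

def extract_identity(hint1, hint2):
    """Deposit: two distinct points on the same line give away the slope."""
    (x1, y1), (x2, y2) = hint1, hint2
    dx = (x1 - x2) % Q
    if dx == 0:
        return None                       # same challenge, nothing new is learned
    return ((y1 - y2) * pow(dx, -1, Q)) % Q

if __name__ == "__main__":
    passport, witness = issue_coin(123)   # constructed account number
    first = make_hint(witness, 17)        # spent once at vendor A
    second = make_hint(witness, 400)      # spent again at vendor B
    print(verify_hint(passport, first), verify_hint(passport, second))
    print("bank recovers identity:", extract_identity(first, second))
```

A single hint is consistent with every possible slope because the intercept is uniformly random, which is why spending once stays untraceable.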
Scheme with blind signature:
For use in an off-line coin scheme, the bank must be sure that the message it never sees has a certain form (i.e. that it embeds the customer's identity in the proper way). This can be done by combining the blind signature with a zero-knowledge proof [18, 19] or a "cut-and-choose" check [32].
[18] Goldreich... Proofs that yield nothing but their validity and a methodology of cryptographic protocol design [GM86]
[19] Goldwasser... The knowledge complexity of interactive proof systems [GM89]
[32] M. Rabin. Digital signature [Ra78]
Another way to implement a blind signature is to use general secure 2-party computation protocols, as shown by Pfitzmann and Waidner [30], building on work of Damgard. A circuit to compute the signature is jointly computed by the bank and the customer, with the bank contributing one input (the secret signature key), the customer contributing the other input (the message to be signed), and the customer alone receiving the output (the signed message). This scheme is secure but definitely not efficient in its message complexity and encryption complexity.
...