anonymity application example e cash
play

Anonymity Application Example: e-Cash 1 Conventional Everyday Cash - PDF document

Mar 16, 2023 •231 likes •351 views

Anonymity Application Example: e-Cash 1 Conventional Everyday Cash Counterfeit-able Slow Costly Vulnerable Bad for Remote Transactions DIRTY! 1 Credit Cards, Bank Cards, Checks, other cards: Easy Fraud Little Privacy

  1. Anonymity Application Example: e-Cash 1 Conventional Everyday Cash • Counterfeit-able • Slow • Costly • Vulnerable • Bad for Remote Transactions • DIRTY! 1

  2. Credit Cards, Bank Cards, Checks, other cards: Easy Fraud Little Privacy 3 Off-line e-Cash is good for 2-party payment Withdrawal from bank Off-line payment Deposit to bank • Low Communication Requirements 4 2

  3. In contrast, on-line payments: “ OK ” 5 Overspending: a problem with off-line e-Cash Step 1: Rogue user copies his money 6 3

  4. Step 2: Pays same e-Cash to multiple people 7 Bank becomes aware of trouble only later !!! 8 4

  5. How to contain Over-Spending ❖ Tamper-resistant hardware (as in smartcards) to prevent over-spending ❖ Tracing over-spenders ❖ Blacklisting over-spenders ❖ Putting a bound on value of off-line transactions 9 Minting e-Cash Secret Minting Key to Create Coins (Signatures) Heart of each e-coin is a digital signature by the Mint Mint’s public key needed to verify coins 10 5

  6. Minting a conventional coin e-Cash withdrawer (Alice) The Mint SN= SN= 12345 12345 SN = SN = 12345 12345 BankSig BankSig 11 Without anonymity, the Mint knows the serial number e-Cash $10 signing key withdrawer the Mint One Dollar SN 12345 NOTE: need distinct signing key for each denomination, e.g., $5, $1, $10 12 6

  7. Minting an untraceable coin e-Cash User (Alice) The Mint SN= 12345 SN = 12345 BankSig BankSig BankSig 13 Blind signing: like signing through a veil $10 signing key e-Cash Withdrawer The Mint One Dollar NOTE: need distinct signing key for each denomination, e.g., $5, $1, $10 14 7

  8. Cryptographic Assumptions 1. Factoring: Given composite N=pq, find primes p and q (of at least 1024 bits) 2. RSA assumption: Given exponent e and m e mod N, find m 3. Discrete log: Given prime p (at least 1024 bits), a generator g, and g x mod p, find x Example of Coin Minting Public Information: N - large composite e - small integer H() - cryptographic hash function Private Minting Information: Key = (p, q) - prime numbers: N=pq A coin has the form: [x, H(x) d mod N], 1<x<N 16 8

  9. Minting a conventional coin with RSA (traceable) e-Cash User (Alice) The Mint x,H(x) x,H(x) x,H(x) d x,H(x) d 17 Anti-counterfeiting assumption : Without knowing the key, infeasible to compute signatures H(x) = p,q = N,e x H(x) d mod N Where: d = 1/e mod phi(N) = e -1 mod phi(N) 18 9

  10. Blind Digital Signatures à Payer Privacy The Mint ECash User chooses random: x, r r e H(x) [r e H(x)] d x,H(x) x,H(x) d rH(x) d rH(x) d Tracing double-spenders • p 1 , p 2 : two large prime numbers such that p 2 | p 1 -1 • G: subgroup of Z p 1 such that |G| = p 2 * • g: generator of G • I: the user ’ s identity (set up by bank), expressed as a number Coin = [ g a mod p 1 , g b mod p 1 , H(g a ,g b ) d mod N ] where I = ab mod p 2 20 10

  11. Tracing double-spenders Buyer (Alice) Seller (Bob) g a mod p 1 , g b mod p 1 , verifies Bank ’ s signature H(g a ,g b ) d k sends random challenge k r r = ak+b verifies: g r =(g a ) k g b 21 Tracing double-spenders Two payments with the same coin yield buyer ’ s identity I 1. r = ak + b a,b 2. r’ = ak’ + b But, one payment yields no information ? r = ak + b a?,b? 22 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CS 134 CS 134 Wi Winter 2016 Anonymity Applica cation Example: Elect ctronic c Cash

CS 134 CS 134 Wi Winter 2016 Anonymity Applica cation Example: Elect ctronic c Cash

CS 134 CS 134 Wi Winter 2016 Anonymity Applica cation Example: Elect ctronic c Cash (E-Cash) and Bitco coin 1 Motivation For E-Cash Conventional Cash is: Counterfeitable Slow Costly Vulnerable Bad for Remote

1.04k views • 54 slides
Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing

Cryptocurrency Technologies Bitcoin and Anonymity Bitcoin and Anonymity Anonymity Basics How to de-anonymize Bitcoin Mixing Decentralized Mixing Zerocoin and Zerocash Tor and the Silk Road Bitcoin and Anonymity

524 views • 39 slides
Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity,

Measures of Anonymity/Privacy: k-Anonymity, L-Diversity, t-Closeness CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 4 : 590.03 Fall 12 1

647 views • 61 slides
but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian

Not all is lost for anonymity but quite a lot is. Coordination among users can help with anonymity. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 ETH Zurich 1 Sender Anonymity

551 views • 44 slides
Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity

Online Anonymity Andrew Lewman andrew@torproject.org June 8, 2010 What is anonymity? Anonymity isnt cryptography Cryptography protects the contents in transit You still know who is talking to whom, how often, and how much data is

764 views • 54 slides
Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous =

Anonymity in Bitcoin Tumbler/Mixer Oct 9, 2019 Anonymity and Pseudonymity anonymous = Nameless, unidentifiable pseudonymous = Fake name, still traceable Tracing Bitcoin transactions Normal redeem script: Provide public key pk and proof

438 views • 33 slides
Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not

Anonymity Jiayi Fu What is Anonymity - Describe the situation in which someone's name is not given or known - Anonymity != Privacy != Security - Anonymity: they can see what you do, but not who you are - Privacy: they can see

379 views • 33 slides
Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 24 Anonymity and Privacy Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Miller and Baileys ECE 422 Anonymity Anonymity: Concealing your identity In the context of the Internet, we

860 views • 61 slides
11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity

11-830 Computational Ethics for NLP Lecture 11: Privacy and Anonymity Privacy and Anonymity Being on-line without giving up everything about you Ensuring collected data doesnt reveal its users data Privacy in Structured Data:

766 views • 49 slides
Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008

Anonymity in Cryptocurrencies Foteini Baldimtsi Bitcoin Anonymity? Satoshi Nakamoto, 2008 Bitcoin is only pseudonymous Public Key Address 133GT5661q8RuSKrrv8q2Pb4RwS 146KL5461d8KuSPxvv8q2Nd6K2q Posted on the ... Blockchain Alice

821 views • 40 slides
SESSION 4: CASH FLOW STATEMENTS CASH IN AND CASH OUT Accounting for Finance The End Game

SESSION 4: CASH FLOW STATEMENTS CASH IN AND CASH OUT Accounting for Finance The End Game

SESSION 4: CASH FLOW STATEMENTS CASH IN AND CASH OUT Accounting for Finance The End Game with Cash Flows q The surface level objective of a statement of cash flows is to explain how much the cash balance of a business changed during a

386 views • 11 slides
Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti

Slicing the licing the Onion: Onion: Anonymity Without PKI Anonymity Without PKI Sachin Katti Dina Katabi &amp; Katya Puchala State of the art: Onio Onion Rout n Routing over P2P ing over P2P n Routing over P2P ing over P2P Bob Onion

705 views • 43 slides
Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh |

Applications for Measurement: Improving Anonymity Online Rishab Nithyanand | Rachee Singh | Shinyoung Cho | Phillipa Gill Stony Brook University 1 Anonymity on the Internet Tor Network 2 Anonymity on the Internet Does not know the source

261 views • 15 slides
Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith

Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith

CyLab Identity and Identity and anonymity anonymity Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 / 19-608 / 95-818:

467 views • 46 slides
FY 2017 Results Presentation February, 2018 CASH 0 CASH Cash in the media Relevant news of

FY 2017 Results Presentation February, 2018 CASH 0 CASH Cash in the media Relevant news of

FY 2017 Results Presentation February, 2018 CASH 0 CASH Cash in the media Relevant news of the quarter Cash is and will be necessary in the future Cash gains ground as a way of saving Kenneth Rogoff, economist and professor at Harvard

369 views • 23 slides
for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket

Anonymity Trilemma not all is lost for anonymity, but quite a lot is. Debajyoti Das 1 Sebastian Meiser 2 Esfandiar Mohammadi 3 Aniket Kate 1 1 Purdue University 2 Visa Research 3 Universitaet zu Luebeck Anonymous Communication (AC) Networks

449 views • 21 slides
Physics 102 Dr. LeClair Official things Lecture: 203 Gallalee every day! Lab:

Physics 102 Dr. LeClair Official things Lecture: 203 Gallalee every day! Lab:

Physics 102 Dr. LeClair Official things Lecture: 203 Gallalee every day! Lab: 329 Gallalee M-W-Th ~3 hr block will not usually need whole 3 hours NO lab today official things Dr. Patrick LeClair -

1.01k views • 55 slides
MINT Style Based Architectural Migration: Method and Case Study Simon Giesecke, Johannes

MINT Style Based Architectural Migration: Method and Case Study Simon Giesecke, Johannes

MINT Style Based Architectural Migration: Method and Case Study Simon Giesecke, Johannes Bornhold &lt;simon.giesecke@acm.org&gt; Software Engineering Group Carl von Ossietzky University Oldenburg, Germany WMR 2006, Bari, Italy 2006-03-24

406 views • 19 slides
Protecting Users by Confining JavaScript with COWL Deian Stefan, Edward Z. Yang, Petr Marchenko,

Protecting Users by Confining JavaScript with COWL Deian Stefan, Edward Z. Yang, Petr Marchenko,

Protecting Users by Confining JavaScript with COWL Deian Stefan, Edward Z. Yang, Petr Marchenko, Alejandro Russo, Dave Herman, Brad Karp, David Mazires The Web No longer just a way of publishing static content The Web Now app

989 views • 55 slides
Prosodic features of the topic information unit in BP and EP: a corpus based study Bruno Rocha

Prosodic features of the topic information unit in BP and EP: a corpus based study Bruno Rocha

Prosodic features of the topic information unit in BP and EP: a corpus based study Bruno Rocha Maryual M. Mittmann Tommaso Raso UFMG Foreword Our aim is to present and describe the Topic intonational forms for European and Brazilian

381 views • 26 slides
Efficient Graph-Based Image Segmentation Felzenszwalb and Huttenlocher Overview Goals:

Efficient Graph-Based Image Segmentation Felzenszwalb and Huttenlocher Overview Goals:

Efficient Graph-Based Image Segmentation Felzenszwalb and Huttenlocher Overview Goals: Capture Perceptually important Groupings Be highly efficient Contributions: 2 Graph Based representation of an image.

669 views • 34 slides
grammar of Hungarian Andrs Imrnyi ELTE Dept. of Hungarian Linguistics Research goal

grammar of Hungarian Andrs Imrnyi ELTE Dept. of Hungarian Linguistics Research goal

Toward a cognitive dependency grammar of Hungarian Andrs Imrnyi ELTE Dept. of Hungarian Linguistics Research goal describe Hungarian in its own right integrating cognitive linguistics (CL) and DG basic idea: CxG and DG are

965 views • 25 slides
Digital Cash (With a Central Authority) Jim Royer Jim Royer Digital Cash 1 References

Digital Cash (With a Central Authority) Jim Royer Jim Royer Digital Cash 1 References

Introduction to Cryptography Digital Cash (With a Central Authority) Jim Royer Jim Royer Digital Cash 1 References Chapter 11 of Introduction to Cryptography with Coding Theory , 2/e, by W. Trappe and L. Washington, Pearson, 2005.

505 views • 15 slides
Minimum Energy Scheduling Marek Chrobak University of California, Riverside How to Keep Sheep

Minimum Energy Scheduling Marek Chrobak University of California, Riverside How to Keep Sheep

Minimum Energy Scheduling Marek Chrobak University of California, Riverside How to Keep Sheep Warm in a Snow Storm? How to Keep Sheep Warm in a Snow Storm? n sheep on a line huddle together to stay warm Each sheep is chained

1.44k views • 130 slides

More recommend