Codex Enables Secure Offline Micropayments

This paper introduces a new micropayment scheme, suitable for all kinds of transactions, and does not require online transactions for either the payer or payee. The designed method uses an encrypted data structure called Codex which self replicates to represent the current values of both the payer and the payee. The model, while providing fraud detection also guarantees payment & loss recovery

More Compact E-Cash with Efficient Coin Tracing

In 1982, Chaum \cite{Chaum82} pioneered the anonymous e-cash which finds many applications in e-commerce. In 1993, Brands \cite{Brands93apr,Brands93,Brands93tm} and Ferguson \cite Ferguson93c,Ferguson93} published on single-term offline anonymous e-cash which were the first practical e-cash. Their constructions used blind signatures and were inefficient to implement multi-spendable e-cash. In 1995, Camenisch, Hohenberger, and Lysyanskaya \cite{CaHoLy05} gave the first compact $2^\ell$-spendable e-cash, using zero-knowledge-proof techniques. They left an open problem of the simultaneous attainment of $O(1)$-unit wallet size and efficient coin tracing. The latter property is needed to revoke {\em bad} coins from over-spenders. In this paper, we solve \cite{CaHoLy05}\u27s open problem, and thus enable the first practical compact e-cash. We use a new technique whose security reduces to a new intractability Assumption: the {\em Decisional Harmonic-Relationed Diffie-Hellman (DHRDH) Assumption}

The Capital Commons: Digital Money and Citizens\u27 Finance in a Productive Commercial Republic

All societies must address two questions where the organization of productive activity is concerned. The first is whether production will be mainly publicly managed, privately managed, or \u27mixed.\u27 The second is whether the financing of production will be mainly publicly managed, privately managed, or mixed. In the American commercial republic, we seem more or less to have answered the \u27who does production\u27 question to our own satisfaction. From the founding era to the present, we have elected to leave production primarily, though not of course solely, \u27in private hands.\u27 Where the financing of production is concerned, on the other hand, we have been more ambivalent. For the past 160 years, our financial system has operated as a public-private franchise arrangement. At the core of our franchise lie the sovereign public (the \u27public\u27 of our \u27republic\u27) and its money-modulator – the issuer and manager of its monetized full faith and credit, its \u27money\u27 – on the one hand, and the private sector financial institutions and markets we publicly license to allocate most of the resultant Wicksellian \u27bank money\u27 or \u27credit-money\u27 on the other hand. At the periphery of the franchise lie those institutions and markets that \u27shadow bank\u27 through relations with the banking core. In recent years, developments in several distinct spaces have prompted what amounts to a broad reassessment of our hybrid financial arrangements. One such development is weariness with our system\u27s penchant for over-generating public credit that fuels bubbles and busts rather than production, a product of leaving our public capital - by far the greater part of investment capital - to private management. This is what the author has long called poor credit modulation. Another ground of critique is our hybrid system\u27s poor record on what the author has long called credit allocation, from which modulation turns out to be inseparable. Our morbid fear of explicitly, rather than implicitly, ‘picking winners and losers’ is the culprit here. Finally, other sources of disenchantment are our system\u27s long-term worsening of inequality, the scandal of commercial and financial exclusion our system permits, and the promise offered by new financial technologies where ending both that and leaky monetary policy are concerned. The current Covid pandemic and recent murder of George Floyd of course underscore these sources of disillusion. This article embraces these critiques, which the author himself has leveled continuously over the past fifteen years, argues that privately ordered production requires publicly ordered finance, and shows how to order finance publicly on a Fed balance sheet forthrightly recognized as a Citizens’ Ledger. New public investments will make up the asset side of the upgraded Fed balance sheet, while a corresponding system of digital public banking through ‘FedWallets’ will upgrade the liability side of the same. Newly restored regional Fed functionalities (\u27Spreading the Fed\u27), an FSOC-inspired National Reconstruction and Development Council (NRDC) and its financing arm (a restored RFC), and a price-stabilizing \u27People\u27s Portfolio\u27 round out the new system of Citizens\u27 Finance. In the course of its arguments, the article traces all salient consequences that flow from its overhaul of our system of financing production, from banking through ‘shadow banking’ to the capital markets. It also makes some surprising discoveries along the way. Among these is that full separation of Fed and Treasury and hence monetary and fiscal policy, itself an artifact of franchise finance and hence the false hope of separating credit modulation from credit allocation, is no longer tenable. Another is that global central bank digital currency (CBDC) development is now corroborating much of what the article argues

Efficient Verifiable Escrow and Fair Exchange with Trusted Hardware

At the heart of many fair exchange problems is verifiable escrow: a sender encrypts some value using the public key of a trusted party (called the recovery agent), and then must convince the receiver of the ciphertext that the corresponding plaintext satisfies some property (e.g., it contains the sender\u27s signature on a contract). Previous solutions to this problem are interactive, and often rely on communication-intensive cut-and-choose zero-knowledge proofs. In this paper, we provide a solution that uses generic trusted hardware to create an efficient, non-interactive verifiable escrow scheme. Our solution allows the protocol to use a set of recovery agents with a threshold access structure, the \emph{verifiable group escrow} notion which was informally introduced by Camenisch and Damgard and which is formalized here. Finally, this paper shows how this new non-interactive verifiable escrow scheme can be used to create an efficient optimistic protocol for fair exchange of signatures

The Capital Commons: Digital Money and Citizens\u27 Finance in a Productive Commercial Republic

All societies must address two questions where the organization of productive activity is concerned. The first is whether production will be mainly publicly managed, privately managed, or \u27mixed.\u27 The second is whether the financing of production will be mainly publicly managed, privately managed, or mixed. In the American commercial republic, we seem more or less to have answered the \u27who does production\u27 question to our own satisfaction. From the founding era to the present, we have elected to leave production primarily, though not of course solely, \u27in private hands.\u27 Where the financing of production is concerned, on the other hand, we have been more ambivalent. For the past 160 years, our financial system has operated as a public-private franchise arrangement. At the core of our franchise lie the sovereign public (the \u27public\u27 of our \u27republic\u27) and its money-modulator – the issuer and manager of its monetized full faith and credit, its \u27money\u27 – on the one hand, and the private sector financial institutions and markets we publicly license to allocate most of the resultant Wicksellian \u27bank money\u27 or \u27credit-money\u27 on the other hand. At the periphery of the franchise lie those institutions and markets that \u27shadow bank\u27 through relations with the banking core. In recent years, developments in several distinct spaces have prompted what amounts to a broad reassessment of our hybrid financial arrangements. One such development is weariness with our system\u27s penchant for over-generating public credit that fuels bubbles and busts rather than production, a product of leaving our public capital - by far the greater part of investment capital - to private management. This is what the author has long called poor credit modulation. Another ground of critique is our hybrid system\u27s poor record on what the author has long called credit allocation, from which modulation turns out to be inseparable. Our morbid fear of explicitly, rather than implicitly, ‘picking winners and losers’ is the culprit here. Finally, other sources of disenchantment are our system\u27s long-term worsening of inequality, the scandal of commercial and financial exclusion our system permits, and the promise offered by new financial technologies where ending both that and leaky monetary policy are concerned. The current Covid pandemic and recent murder of George Floyd of course underscore these sources of disillusion. This article embraces these critiques, which the author himself has leveled continuously over the past fifteen years, argues that privately ordered production requires publicly ordered finance, and shows how to order finance publicly on a Fed balance sheet forthrightly recognized as a Citizens’ Ledger. New public investments will make up the asset side of the upgraded Fed balance sheet, while a corresponding system of digital public banking through ‘FedWallets’ will upgrade the liability side of the same. Newly restored regional Fed functionalities (\u27Spreading the Fed\u27), an FSOC-inspired National Reconstruction and Development Council (NRDC) and its financing arm (a restored RFC), and a price-stabilizing \u27People\u27s Portfolio\u27 round out the new system of Citizens\u27 Finance. In the course of its arguments, the article traces all salient consequences that flow from its overhaul of our system of financing production, from banking through ‘shadow banking’ to the capital markets. It also makes some surprising discoveries along the way. Among these is that full separation of Fed and Treasury and hence monetary and fiscal policy, itself an artifact of franchise finance and hence the false hope of separating credit modulation from credit allocation, is no longer tenable. Another is that global central bank digital currency (CBDC) development is now corroborating much of what the article argues

Advances in signatures, encryption, and E-Cash from bilinear groups

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 147-161).We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups. 1. Re-Signatures: We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports. 2. Re-Encryption: We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e. the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.(cont.) 3. Compact; E-Cash with Tracing and Bounded-Anonymity: We present an offline e-cash system where 2 coins can be stored in O(e + k) bits and withdrawn or spent in 0(f + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be 0(2t . k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.by Susan Hohenberger.Ph.D

Tracing-by-Linking Group Signautres

In a group signature \cite{CvH91}, any group member can sign on behalf of the group while remaining anonymous, but its identity can be traced in an future dispute investigation. Essentially all state-of-the-art group signatures implement the tracing mechnism by requiring the signer to escrow its identity to an Open Authority (OA) \cite{ACJT00,CL02scn,BMW03,KiayiasYu04,BSZ05,BBS04,KiayiasTsYu04}. We call them {\em Tracing-by-Escrowing (TbE)} group signatures. One drawback is that the OA also has the unnecessary power to trace without proper cause. In this paper we introduce {\em Tracing-by-Linking (TbL)} group signatures. The signer\u27s anonymity is irrevocable by any authority if the group member signs only once (per event). But if a member signs twice, its identity can be traced by a public algorithm without needing any trapdoor. We initiate the formal study of TbL group signatures by introducing its security model, constructing the first examples, and give several applications. Our core construction technique is the successful transplant of the TbL technique from single-term offline e-cash from the blind signature framework \cite{Brands93,Ferguson93,Ferguson93c} to the group signature framework. Our signatures have size $O(1)$

Global Credit Card Use and Debt: Policy Issues and Regulatory Responses

The rise of card-based payments has transformed the landscape of payments in the last half century, from one dominated by government-supported paper-based payments to one dominated by wholly private systems. The rise of those payments presents a number of policy problems, the most serious of which is the empirically demonstrable likelihood that use of the cards here and elsewhere contributes to an undue level of consumer credit and that borrowing on the cards contributes to a rise in the level of consumer bankruptcy. Because increasing financial distress imposes substantial externalities on the economies in which it occurs, the global rise of the credit card poses serious policy questions. To understand how policymakers should respond, it is important to start by recognizing the powerful efficiencies that cards bring to payment systems, and how those efficiencies have driven the globalization of the payment card. Although the existing pattern shows great variation from country to country, regulators cannot be sure that the variations will persist. Building on existing historical research and on detailed contemporaneous data about the patterns of usage around the world, I show that the differences reflect the youth of the system, and the fact that few countries were as well suited to the rapid takeup of credit cards as the United States. Thus, the United States has developed an almost uniquely unitary payment system in which the credit card is both the dominant borrowing vehicle and the electronic payment instrument of choice. The pressures of globalization are rapidly driving convergence in card usage, except in those countries that have adopted substantial “speed bumps” to slow the growth of cards. Whether those speed bumps will deflect other countries from the problems faced in the United States remains an open question. The natural question, then, is what policies will be useful to confine the problems related to credit cards without creating undue inefficiencies in retail payment systems. The ideal response would be one that drove the United States closer to the pattern evident in other countries, encouraging debit cards so as to protect the cost savings of electronic payments without the externalities generated by credit card usage. It is not easy, however, to devise policy responses that fit that goal. The closing part of this paper analyzes several different reforms that might be useful to policymakers of different perspectives: (a) permitting merchant credit card surcharges; (b) barring affinity programs, especially those that are conditioned on borrowing; (c) barring marketing to minors; (d) reorganizing the disclosure system to focus on the behavioral problems that make cards problematic; and (e) banning a few provisions that unacceptably shift costs from the card industry to the rest of society. Among other things, this suggests a shift in emphasis away from disclosures in account agreements to disclosures at the point of sale. Thus, for example, I reject recent proposals to provide enhanced disclosures for universal default provisions. On the contrary, I argue that those provisions should be banned from credit card agreements entirely, with a view to causing card issuers to limit the credit they extend to those that are demonstrably in financial distress