Cryptanalysis on “Secure untraceable off-line electronic cash system”

Recently, Baseri et al. proposed a secure untraceable off-line electronic cash system. They claimed that their scheme could achieve security requirements of an e-cash system such as, untraceability, anonymity, unlinkability, double spending checking, un-forgeability, date-attachability, and prevent forging coins. They further prove the un-forgeability security feature by using the hardness of discrete logarithm problems. However, after cryptanalysis, we found that the scheme cannot attain the security feature, untraceability. We, therefore, modify it to comprise this desired requirement, which is very important in an e-cash system

Better Privacy and Security in E-Commerce: Using Elliptic Curve-Based Zero-Knowledge Proofs

We propose an approach using elliptic curve-based zero-knowledge proofs in e-commerce applications. We demonstrate that using elliptic curved-based zero-knowledge proofs provide privacy and more security than other existing techniques. The improvement of security is due to the complexity of solving the discrete logarithm problem over elliptic curves

A novel blind signature scheme and its variations based on DLP

Blind Signature is an addendum of Digital Signature.It is a two party protocol,in which a requester sends a message to a signer to get the signature without revealing the contents of the message to the signer. The signer puts the signature using his/her private keys and the generated signature can be verified by anyone using signer’s public keys.Blind signature has a major property called as untraceability or unlinkability i.e after the generation of the signature the signer cannot link the message-signature pair. This is known as blindness property. We have proposed blind signature scheme and its variation based on discrete logarithm problem(DLP),in which major emphasis is given on the untraceability property. We have cryptanalyzed Carmenisch et al.’s blind signature scheme and Lee et al.’s blind signature scheme and proposed an improvement over it. It is found that, the proposed scheme has less computational complexity and they can withstand active attacks. Blind signature has wide applications in real life scenarios, such as, e-cash, e-voting and e-commerece applications. i

Group blind digital signatures : theory and applications

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.Includes bibliographical references (leaves 82-86).by Zulfikar Amin Ramzan.S.M

Design and evaluation of blockchain-based security protocols

Many security protocols rely on the assumption that the trusted third party (TTP) will behave “as it should”. However, this assumption is difficult to justify in the real world. A TTP may become malicious due to its hidden interests or having been compromised. It is publicly acknowledged that a failed TTP can easily destroy the entire security protocol. This thesis aims to provide results on how to use blockchain technologies to mitigate TTP challenges and thereby secure existing cryptographic protocols. Firstly, we formally define a smart contract-based TTP (denoted as TTP-I) and give two security protocols based on such a type of TTP as concrete instances. In this approach, a smart contract can either complement a TTP’s actions or take over the entire functions of the existing TTP. This helps to obtain many security properties such as transparency and accountability. Smart contracts, however, are not adequate to replace TTP that is capable of maintaining secret information since all the states changed by TTP-I are in plaintext and publicly accessible. To fill the gap, we propose another type of TTP (denoted as TTP-II) that enables confidential executions by combining smart contracts and Trusted Execution Environments (TEEs). To achieve this goal, we first investigate the state-of-the-art TEE-aided confidential smart contracts and then explore their core mechanisms. We further apply TTP-II to a traceable credential system and an accountable decryption system. These systems are proved secure and feasible. However, since blockchain systems suffer from scalability and performance issues, the development of blockchain-based cryptographic protocols is inevitably retarded. At last, to make better blockchain systems, we provide two core mechanisms: a weak consensus algorithm and a delegatable payment protocol. The weak consensus algorithm allows parallel block generation, improving the performance and scalability of upper-layer blockchain systems. The delegatable payment protocol creates an offline payment channel, improving the payment speed. Both proposed algorithms have been practically implemented and systematically evaluated. Notably, the weak consensus algorithm has already been taken up by industries. Video abstract: https://youtu.be/rkAatxBRau

Achieving Fair Exchange and Customer Anonymity for Online Products in Electronic Commerce

In the recent years, e-commerce has gained much importance. Traditional commerce (in which case the customer physically goes to the merchant’s shop, purchases goods and/or services and makes a payment) is slowly being replaced with e-commerce and more people tend to prefer doing their shopping online. One of the main reasons for this attraction is the convenience the e-commerce provides. Customers can choose from a lot of different merchants at the convenience of their homes or while travelling by avoiding the hassle and stress of traditional shopping. However, e-commerce has lots of challenges. One key challenge is trust as transactions take place across territories and there are various legal & regulatory issues that govern these transactions. Various protocols and underlying e-commerce technologies help in the provision of this trust. One way to establish trust is to ensure fair exchange. There is also a question about traceability of transactions and customers’ need for privacy. This is provided by anonymity – making sure that the transactions are untraceable and that the customers’ personal information is kept secret. Thus the aim of this research is to propose a protocol that provides fair exchange and anonymity to the transacting parties by making use of a Trusted Third Party. The research is also aimed at ensuring payment security and making use of a single payment token to enhance the efficiency of the protocol. The proposed protocol consists of pre-negotiation, negotiation, withdrawal, purchase and arbitration phases. The analysis of the protocol proves that throughout all the phases of the e-commerce transaction, it is able to provide fair exchange and complete anonymity to the transacting parties. Anonymity provides the privacy of customers’ data and ensures that all Personally Identifiable Information of the transacting parties are kept hidden to avoid misuse. The protocol proposed is model checked to ensure that it is able to show that the fair exchange feature is satisfied. It is implemented using Java to show that it is ready-to-use and not just a theoretical idea but something that can be used in the real-world scenario. The security features of the protocol is taken care of by making sure that appropriate cryptographic algorithms and protocols are used to ensure provision of confidentiality and integrity. This research explores those areas that have not been covered by other researchers with the idea that there is still a lot of scope for improvement in the current research. It identifies these v opportunities and the ‘research gaps’ and focuses on overcoming these gaps. The current e-commerce protocols do not cover all the desirable characteristics and it is important to address these characteristics as they are vital for the growth of e-commerce technologies. The novelty of the protocol lies in the fact that it provides anonymity as well as fair exchange using a Trusted Third Party that is entirely trustworthy unlike certain protocols where the trusted third party is semi-trusted. The proposed protocol makes use of symmetric key cryptography wherever possible to ensure that it is efficient and light weight. The number of messages is significantly reduced. This overcomes the drawback identified in various other protocols which are cumbersome due to the number of messages. Anonymity is based on blind signature method of Chaum. It has been identified that usage of other methods such as pseudo-identifiers have resulted in the inefficiency of the protocol due to the bottlenecks created by these identifiers. It also ensures anonymity can never be compromised unlike certain protocols whereby an eavesdropper can find out the customer’s identity as the customer is required to disclose his/her public key during transactions. Further to this, the protocol also provides immunity against message replay attacks. Finally, the protocol always assumes that one or more parties can always be dishonest which is unlike certain protocols that assume only one party can be dishonest at any point. This ensures that all scenarios are taken into consideration and two parties cannot conspire against the other thus compromising on the fairness of the protocol. Detailed analysis, implementation, verification and evaluation of the protocol is done to ensure that the research is able to prove that the protocol has been carefully designed and the key goals of fair exchange and anonymity. All scenarios are taken into consideration to prove that the protocol will indeed satisfy all criteria. The research thus expects that the protocol could be implemented in real-life scenarios and finds a great potential in the e-commerce field