    How to Make a Mint: The Cryptography of Anonymous Electronic Cash

    Is electronic cash possible?

    Cash-like payments in electronic commerce and at the traditional point of sale are expected to be beneficial, e.g., because of privacy protection, low transaction costs, and irrevocability. We therefore discuss how to design electronic cash so that it both mirrors the most important characteristics of traditional cash and fulfils the expectations that arise towards electronic means of payment. We analyse the problems and trade-offs between the different characteristics to be implemented. This analysis is based on a user survey and a review of existing technologies for electronic payment systems. Finally, we argue why existing systems do not fulfil the critical requirements, and point out future work towards electronic cash that will meet more of these requirements.

    Study Of Electronic Cash: Its Impact On The Economy And Society, And Its Future

    Technological advancement has introduced an electronic method of payment for goods and services. With these advancements and the growth of the Internet, the market-place of the world has become one universe without borders. This paper examines the various methods of electronic payment for goods and services and the domestic and international laws that govern their operation. The paper explores concerns about money laundering, counterfeiting, Internet security and cyber scams in electronic cash, as well as the security solutions proffered for these problems. The paper concludes with the proposition that electronic cash in the form of cards (ATM) is more accessible to the masses than electronic cash based on PCs and the Internet.

    Authentication Protocols and Privacy Protection

    This dissertation thesis deals with cryptographic constructions for user authentication. Rather than classical authentication protocols, which allow only identity verification, the main topic of this thesis is attribute authentication systems. Attribute authentication systems allow users to prove possession of personal attributes. These attributes can represent any personal information, for example age, nationality or birthplace. Attribute ownership can be proven anonymously and with the support of many features for digital identity protection. These features include, e.g., unlinkability of verification sessions, untraceability, selective disclosure of attributes and efficient revocation. Attribute authentication systems are currently considered to be the successors of existing authentication systems in the official strategies of the USA (NSTIC) and the EU (ENISA). The necessary features are partially provided by existing cryptographic concepts like U-Prove and idemix. At this moment, however, there is no system providing all privacy-enhancing features that is also implementable on computationally restricted devices like smart cards.
    Among the weaknesses of existing systems, the missing unlinkability of verification sessions and the absence of practical revocation are the most critical. Without these features, it is currently impossible to invalidate expired users, lost or stolen authentication cards, or cards of malicious users. Therefore, a new cryptographic scheme is proposed in this thesis to fix the weaknesses found in the analysis of existing schemes. The resulting scheme, which is based on established primitives like Σ-protocols for proofs of knowledge, cryptographic commitments and verifiable encryption, supports all required privacy-enhancing features. At the same time, the scheme is easily implementable on smart cards. This thesis includes the full cryptographic specification, the formal verification of key properties, a mathematical model for functional verification in Mathematica and an experimental implementation on .NET smart cards. Although the scheme supports all privacy-enhancing features, including those missing in related work, its computational complexity is the same or lower, so the time of user verification is shorter than in existing systems. With these features and properties, the resulting scheme can significantly improve the privacy of users during verification, especially when used in electronic ID systems, access control systems or Internet services.

    A formal analysis of the Mimblewimble cryptocurrency protocol with a security approach

    A cryptocurrency is a digital currency that can be exchanged online for goods and services. Cryptocurrencies are deployed over public blockchains in which the transactions are duplicated and distributed across the nodes of a computer network. This decentralized mechanism is devised in order to achieve reliability in a network consisting of unreliable nodes. Privacy, anonymity and security have become crucial in this context. For that reason, formal and mathematical approaches are gaining popularity as a way to guarantee the correctness of cryptocurrency implementations. Mimblewimble is a privacy-oriented cryptocurrency technology which provides security and scalability properties that distinguish it from other protocols of its kind. It was proposed in mid-2016 by an anonymous developer using the name Tom Elvis Jedusor (the French name for Voldemort), who posted a link to a text file on an IRC channel. Mimblewimble’s cryptographic approach is based on Elliptic Curve Cryptography, which makes it possible to verify a transaction without revealing any information about the transaction amount or the parties involved. Mimblewimble combines Confidential Transactions, CoinJoin and cut-through to achieve a higher level of privacy and security, as well as scalability. In this thesis, we present and discuss these security properties and outline the basis of a model-driven verification approach to address the certification of the correctness of protocol implementations. In particular, we propose an idealized model that is key in the described verification process. The main components of our idealized model are transactions, blocks and the chain. We then identify and precisely state the conditions under which our model ensures the verification of relevant security properties of Mimblewimble. In addition, we analyze the Grin and Beam implementations of Mimblewimble in their current state of development, and present detailed connections between our model and these implementations regarding the Mimblewimble structure and its security properties.

    Development of a certificate less digital signature scheme & implementation in e-cash system

    Today’s wireless communication systems, having limited computational resources and communication bandwidth, find certificateless public-key cryptosystems very attractive and vital to their operation, in the sense that they help reduce a significant amount of data load on the network. To eliminate the need for public-key digital certificates, Shamir proposed ID-based cryptosystems in which the user’s identity (e.g. name or email address) is used as the public key. However, this method has a major drawback, the key escrow problem, as a result of which certificateless digital signatures (CDS) came to light. The main idea behind CDS is that a private key generator (PKG) generates a partial private key for the user. Using that key and some of its own private information, the user then computes its actual private key. The user’s public key is computed from the PKG’s public parameters together with the user’s private key. Harn, Ren and Lin in 2008 proposed a CDS model consisting of four generic modules, namely PKG, user key generation, signature generation and verification. In this paper, we propose an improvement of the aforesaid CDS scheme in terms of time complexity and signature length, and implement the new scheme in an e-cash model proposed by Popescu and Oros. A performance analysis of both schemes has been carried out in detail.

    Issues in electronic payment systems: a new off-line transferable e-coin scheme and a new off-line e-check scheme.

    by Wong Ha Yin. Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. Includes bibliographical references (leaves 71-74). Abstracts in English and Chinese.

    Chapter 1 Introduction
        1.1 Traditional Payment Systems
        1.2 Electronic Payment System
        1.3 Thesis Organization
    Chapter 2 Cryptographic Techniques
        2.1 Encryption and Decryption
            2.1.1 Symmetric Encryption
            2.1.2 Asymmetric or Public-Key Encryption
        2.2 RSA
        2.3 Blind Signatures
        2.4 General Computation Protocols
        2.5 Cut-and-Choose Method
        2.6 Hash Functions
        2.7 Secret Sharing
        2.8 Zero-Knowledge Proofs
        2.9 Timestamps
    Chapter 3 Overview of Electronic Payment Systems
        3.1 Life Cycle
        3.2 Six Basic Requirements
        3.3 Efficiency
        3.4 History
    Chapter 4 Ferguson's Single-term Off-Line Coins
        4.1 Basic Assumption and Tools
            4.1.1 Secure Hash Function
            4.1.2 Polynomial Secret Sharing Scheme
            4.1.3 Randomized Blind Signature
        4.2 The Basic Single-term Cash System
            4.2.1 The Withdrawal Protocol
            4.2.2 The Payment Protocol
            4.2.3 The Deposit Protocol
    Chapter 5 Cash with Different Denominations
        5.1 Denomination Bundling
        5.2 Coin Storage
    Chapter 6 An Off-Line Transferable E-coin System
        6.1 Introduction
        6.2 The Withdrawal Protocol
        6.3 The Transfer / Payment Protocol
        6.4 The Deposit Protocol
        6.5 Expansion of Coins
        6.6 Security and Privacy Analysis
        6.7 Complexity Analysis
        6.8 Conclusion
    Chapter 7 A New Off-line E-check System
        7.1 Introduction
        7.2 E-check Models
        7.3 E-Check System with Partial Privacy
            7.3.1 The Withdrawal Protocol
            7.3.2 The Payment Protocol
            7.3.3 The Deposit Protocol
            7.3.4 The Refund Protocol
            7.3.5 Protocol Discussion
        7.4 E-Check System with Unconditional Privacy
            7.4.1 The Withdrawal Protocol
            7.4.2 The Payment Protocol
            7.4.3 The Deposit Protocol
            7.4.4 The Refund Protocol
            7.4.5 Protocol Discussion
        7.5 Conclusion
    Chapter 8 Conclusion
    Reference

    E-commerce and its derived applications: smart card certificate system and recoverable and untraceable electronic cash.

    by Liu Kai Sui. Thesis (M.Phil.)--Chinese University of Hong Kong, 2001. Includes bibliographical references (leaves 67-71). Abstracts in English and Chinese.

    Chapter 1 Introduction
        1.1 Security and E-commerce
        1.2 E-commerce: More than Commercial Activities
        1.3 What This Thesis Contains
    Chapter 2 Introduction to Cryptographic Theories
        2.1 Six Cryptographic Primitives
            2.1.1 Symmetric Encryption
            2.1.2 Asymmetric Encryption
            2.1.3 Digital Signature
            2.1.4 Message Digest
            2.1.5 Digital Certificate and Certificate Authority
            2.1.6 Zero-Knowledge Proof
        2.2 The RSA Public Key Cryptosystem
        2.3 The ElGamal Public Key Encryption Scheme
        2.4 Elliptic Curve Cryptosystem
            2.4.1 The Algorithm of Elliptic Curve Cryptosystem
        2.5 Different Kinds of Digital Signature
            2.5.1 RSA Digital Signature
            2.5.2 Elliptic Curve Nyberg-Rueppel Digital Signature
        2.6 Blind Signature
        2.7 Cut-and-choose Protocol
        2.8 Diffie-Hellman Key Exchange
    Chapter 3 Introduction to E-commerce, M-commerce and Rich Media M-commerce
        3.1 1st Generation of E-commerce
        3.2 2nd Generation of E-commerce - M-commerce
        3.3 3rd Generation of E-commerce - Rich Media M-commerce
        3.4 Payment Systems Used in E-commerce
            3.4.1 Electronic Cash
            3.4.2 Credit Card
            3.4.3 Combined Payment System
    Chapter 4 Introduction to Smart Card
        4.1 What is Smart Card?
        4.2 Advantages of Smart Cards
            4.2.1 Portable Device
            4.2.2 Multi-applications
            4.2.3 Computation Power
            4.2.4 Security Features
        4.3 What Can Smart Cards Do?
        4.4 Java Card
    Chapter 5 A New Smart Card Certificate System
        5.1 Introduction
        5.2 Comparison between RSA and ECC
        5.3 System Architecture
            5.3.1 System Setup
            5.3.2 Apply for a Certificate
            5.3.3 Verification of Alice
            5.3.4 Other Certificates - the "Hyper-Link" Concept
                5.3.4.1 Generation of the "Hyper-Link"
                5.3.4.2 Verification of Alice Using the "Hyper-Link"
            5.3.5 Multiple Applications
        5.4 Security Analysis
            5.4.1 No Crypto-processor Is Needed
            5.4.2 PIN Protection
            5.4.3 Digital Certificate Protection
            5.4.4 Private Key Never Leaves the Smart Card
        5.5 Extensions
            5.5.1 Biometrics Security
            5.5.2 E-Voting
        5.6 Conclusion
    Chapter 6 Introduction to Electronic Cash
        6.1 Introduction
        6.2 The Basic Requirements
        6.3 Advantages of Electronic Cash over Other Kinds of Payment Systems
            6.3.1 Privacy
            6.3.2 Off-line Payment
            6.3.3 Suitable for Small Amount Payment
        6.4 Basic Model of Electronic Cash
        6.5 Examples of Electronic Cash
            6.5.1 eCash
            6.5.2 Mondex
            6.5.3 Octopus Card
    Chapter 7 A New Recoverable and Untraceable Electronic Cash
        7.1 Introduction
        7.2 The Basic Idea
        7.3 S. Brands' Single Term E-cash Protocol
            7.3.1 The Setup of the System
            7.3.2 The Withdrawal Protocol
            7.3.3 The Payment Protocol
            7.3.4 The Deposit Protocol
        7.4 The Proposed Protocol
            7.4.1 The Withdrawal Protocol
            7.4.2 The Payment Protocol
            7.4.3 The Deposit Protocol
            7.4.4 The Recovery Protocol
        7.5 Security Analysis
            7.5.1 Conditional Untraceability
            7.5.2 Cheating
        7.6 Extension
        7.7 Conclusion
    Chapter 8 Conclusion
    Appendix: Paper derived from this thesis
    Bibliography

    Theoretical examination and practical implementation on cryptography algorithms, digital money protocols and related applications.

    by Shek Wong. Thesis submitted in December 1997. Thesis (M.Phil.)--Chinese University of Hong Kong, 1998. Includes bibliographical references (leaves 90-[94]). Abstract also in Chinese.

    Chapter 1 Introduction
        1.1 Electronic Commerce
        1.2 Electronic Cash
        1.3 What This Report Contains
    Chapter 2 Cryptographic Background
        2.1 Euler Totient Function
        2.2 Fermat's Little Theorem
        2.3 Quadratic Residues
        2.4 Legendre Symbol
        2.5 Jacobi Symbol
        2.6 Blum Integer
        2.7 Williams Integer
        2.8 The Quadratic Residuosity Problem
        2.9 The Factorization Problem
        2.10 The Discrete Logarithm Problem
        2.11 One-way Functions
        2.12 Blind Signature
        2.13 Cut-and-choose Methodology
    Chapter 3 Anatomy and Panorama of Electronic Cash
        3.1 Anatomy of Electronic Cash
            3.1.1 Three Functions and Six Criteria
            3.1.2 Untraceable
            3.1.3 Online and Off-line
            3.1.4 Security
            3.1.5 Transferability
        3.2 Panorama of Electronic Cash
            3.2.1 First Model of Off-line Electronic Cash
            3.2.2 Successors
            3.2.3 Binary Tree Based Divisible Electronic Cash
    Chapter 4 Spending Limit Enforced Electronic Cash
        4.1 Introduction to Spending Limit Enforced Electronic Cash
        4.2 The Scheme
        4.3 An Example
        4.4 Techniques
        4.5 Security and Efficiency
    Chapter 5 Interest-bearing Electronic Cash
        5.1 Introduction to Interest-bearing Electronic Cash
        5.2 An Example
        5.3 The Scheme
        5.4 Security
        5.5 An Integrated Scheme
        5.6 Applications
    Chapter 6 Abacus Type Electronic Cash
        6.1 Introduction
        6.2 Abacus Model
        6.3 Divisible Abacus Electronic Coins
            6.3.1 Binary Tree Abacus Approach
            6.3.2 Multi-tree Approach
            6.3.3 Analysis
        6.4 Abacus Electronic Cash System
            6.4.1 Opening Protocol
            6.4.2 Withdrawal Protocol
            6.4.3 Payment and Deposit Protocol
        6.5 Anonymity and System Efficiency
    Chapter 7 Conclusions
    Appendix A Internet Payment Systems
        A.1 Bare Web FORM
        A.2 Secure Web FORM Payment System
        A.3 Membership Type Payment System
        A.4 Agent Based Payment System
        A.5 Internet-based POS
    Appendix B Papers derived from this thesis
    Bibliography

    Foreword and editorial - July issue
