Class 12: Anonymous Digital Currency
CIS 755: Advanced Computer Security, Spring 2014
Eugene Vasserman
http://www.cis.ksu.edu/~eyv/CIS755_S14/
Dec 17, 2015
Administrative stuff
• Exam I returned
  – Questions?
• Corrections to today’s paper:
  – Published table incorrect
  – Number of communication rounds typo
  – Corrected paper at: http://people.cis.ksu.edu/~eyv/papers/ecash-icdcs07.pdf
Applications of eCash
• Online payment
  – Lower processing costs than credit cards
• Micropayments
  – Content
  – Advertising replacement
  – New business models
Double-spending
• Chaum, 1982
  – Centralized online agent
• Offline double-spending detection
  – Chaum – 1988
    • Revocable anonymity – Problem!
• Brands - 1993
  – Tamper-proof agent/device (online)
Problem Statement
• Design an eCash scheme that provides
  – Anonymity
  – Real-time double-spending protection
  – Decentralization
  – No trusted hardware
  – No client security deposit
  – Practical/deployable
Witnesses
• Method to transform a centralized entity into a group of peers
  – Witnesses do online double-spending detection
• Use merchants as witnesses
  – CCI assumption
  – Long-term presence assumption
• A coin is assigned uniquely to a witness
Witnesses Challenges
• Who chooses witnesses?
  – Bank
    • Anonymity loss
  – Client
    • Collaboration, load balancing/fairness
• Incentives
• Fairness
Withdrawal Key Points
• Witness selection based on h(bare coin) and witness list version/date
• Signature on witness assignment
• Broker does not know h(bare coin)!
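Added example (not code from the paper or its Python prototype): a sketch of witness assignment from h(bare coin) plus the witness list version, and of the online double-spending check the assigned witness performs. The use of SHA-256, the modulo mapping onto the list, the function and class names, and all sample data are assumptions made for illustration; the broker's signature on the assignment is left out.

```python
import hashlib

# Constructed sample data: a versioned witness list with made-up merchant names.
WITNESS_LIST = {
    "version": "2014-03-01",
    "witnesses": ["merchant-a", "merchant-b", "merchant-c", "merchant-d"],
}

def coin_hash(bare_coin: bytes) -> bytes:
    """h(bare coin); SHA-256 is an assumption, the slides do not name the hash."""
    return hashlib.sha256(bare_coin).digest()

def select_witness(h_coin: bytes, witness_list: dict) -> str:
    """Assumed mapping: SHA-256(h(bare coin) || list version) mod list size.
    Every party holding the same list version computes the same witness,
    so the assignment can be recomputed and checked at payment time.
    """
    seed = hashlib.sha256(h_coin + witness_list["version"].encode()).digest()
    names = witness_list["witnesses"]
    return names[int.from_bytes(seed, "big") % len(names)]

class Witness:
    """A merchant acting as witness: online double-spending detection."""

    def __init__(self, name: str, witness_list: dict):
        self.name = name
        self.witness_list = witness_list
        self.spent = {}  # h(bare coin) -> merchant that was paid first

    def approve(self, bare_coin: bytes, merchant: str) -> str:
        h = coin_hash(bare_coin)
        if select_witness(h, self.witness_list) != self.name:
            return "wrong-witness"   # coin is assigned to a different witness
        if h in self.spent:
            return "double-spend"    # already spent at self.spent[h]
        self.spent[h] = merchant
        return "ok"

def demo() -> list:
    coin = b"constructed-bare-coin-0001"  # stand-in for a real bare coin
    assigned = select_witness(coin_hash(coin), WITNESS_LIST)
    witnesses = {n: Witness(n, WITNESS_LIST) for n in WITNESS_LIST["witnesses"]}
    other = next(n for n in witnesses if n != assigned)
    return [witnesses[assigned].approve(coin, "merchant-x"),
            witnesses[assigned].approve(coin, "merchant-y"),
            witnesses[other].approve(coin, "merchant-y")]

if __name__ == "__main__":
    print(demo())
```

Because the list version is part of the hash input, the same coin can map to a different witness under a different list version, which is why the assignment has to be tied to one version at withdrawal.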
Security Properties
• Provably untraceable and unlinkable
• Provably secure against forgery and re-use
Complexity Analysis
• Overhead
  – Should be dominated by network times
Protocol    Party     Exp  Hash  Sig  Ver  Comm
Withdrawal  Client     12     4    0    1     2
            Broker      3     1    0    0
Payment     Client      0     3    0    1     3
            Witness     7     6    2    1
            Merchant    7     6    0    3
Deposit     Merchant    0     0    0    0     1
            Broker      6     4    0    1
Renewal     Client     12     5    0    1     2
            Broker      9     4    0    0
(Comm is given once per protocol.)
Implementation
• Proof of concept
  – Python 2.4
  – 1200 lines of code in four modules
• Simplicity
  – REST (REpresentational State Transfer)
• Performance
  – Python crypto is less than stellar
Summary II
• What stops collusion?
• What happens if compromised:
  – Broker?
  – Merchant?
  – Witness?
  – Client?
Expiration Dates
• Two expiration dates:
  – After (1), coin:
    • Can be renewed
    • Cannot be spent
    • Cannot be deposited
  – After (2), coin is completely useless
• Prevents broker coin database from growing too big