Blinding of Credit Card Numbers in the SET Protocol

  • Hugo Krawczyk
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


We present and analyze the cryptographic techniques used in the SET protocol to implement the blinding of credit card numbers in SET certificates. This blinding is essential to protect credit card numbers from eavesdroppers in the network, and even from some merchants, as required by SET. Without these measures, bulk credit card information could be easily collected thus significantly increasing the risk and amount of credit card fraud.

We first present the security requirements from this blinding operation, which include aspects of secrecy and fraud protection, then show a solu- tion to the problem (implemented in SET) and analyze its security based on well-defined cryptographic assumptions. Interestingly, we show that the requirements for blinding in SET are equivalent to the requirements of non-interactive commitment schemes in cryptography. Thus, our so- lution for SET represents an efficient implementation of a commitment function and as such may be suitable for use in other practical contexts as well.


Hash Function Credit Card Compression Function Commitment Scheme Random Oracle Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Bellare, M., Canetti, R., and Krawczyk, H., “Keying Hash Functions for Message Authentication”, Advances in Cryptology-CRYPTO 96 Proceedings, Lecture Notes in Computer Science, Springer-Verlag Vol. 1109, N. Koblitz, ed, 1996, pp. 1–15.Google Scholar
  3. 3.
    Bellare, M., Canetti, R., and Krawczyk, H., “Pseudorandom Functions Revisited: The Cascade Construction”. Proc. of the 37th IEEE Symp. on Foundation of Computer Science, 1996, pp. 514–523.Google Scholar
  4. 4.
    M. Bellare, J. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, “iKP-A Family of Secure Electronic Payment Protocols”, Proceedings of the First USENIX Workshop on Electronic Commerce, NY, July 1995, pp. 89–106.Google Scholar
  5. 5.
    Bellare, M., and Rogaway N., “Random Oracles are Practical: A Paradigm for Defining Efficient Protocols”, Proc. of the First ACM Conference on Computer and Communications Security, 1993, pp.62–73.Google Scholar
  6. 6.
    I.B. Damgard, T.P. Pedersen and B. Pfitzmann, “On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures”, Advances in Cryptology: CRYPTO’ 93, Lecture Notes in Computer Science, volume 773, Springer, New York, 1994. Pages 250–265.Google Scholar
  7. 7.
    O. Goldreich, S. Goldwasser and S. Micali, “How to construct random functions,” Journal of the ACM, Vol. 33, No. 4, 210–217, (1986).CrossRefMathSciNetGoogle Scholar
  8. 8.
    Goldwasser, S., and S. Micali, “Probabilistic Encryption”, JCSS, Vol. 28, No. 2, 1984.Google Scholar
  9. 9.
    Halevi, S. and Micali, S., “Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing”, in Advances in Cryptography-CRYPTO’ 96, pages 201–215, 1996. Springer-Verlag.Google Scholar
  10. 10.
    Krawczyk, H., Bellare, M., and Canetti, R., “HMAC: Keyed-Hashing for Message Authentication”, RFC 2104, February 1997.Google Scholar
  11. 11.
    Naor, M., “Bit Commitment Using Randomness”, Journal of Cryptology, Vol. 2, pp. 151–158, 1991. (Preliminary version in Crypto’89.)Google Scholar
  12. 12.
    National Institute for Standards and Technology, “Digital Signature Standard (DSS) ”, Technical Report 169, August 30 1991.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Hugo Krawczyk
    • 1
    • 2
  1. 1.Department of Electrical EngineeringTechnionHaifaIsrael
  2. 2.IBM T.J. Watson Research CenterNew YorkUSA

Personalised recommendations