# Applying anti-trust policies to increase trust in a versatile e-money system

## Abstract

Due to business relationships, alliances, trust, and distribution of liability, *distribution of power* is an important issue in financial systems. At the same time as the security of the scheme is strengthened by this decentralization, the *perception* of the security is also strengthened, which is important from a business point of view. Furthermore, apart from increasing the security, client trust and availability of the system, distribution of power can also increase its *functionality*, as we demonstrate.

We suggest an anti-trust mechanism, namely, a method for distribution of the centralized parties into many modules (potentially controlled by different entities), and apply it to a versatile electronic-money system. The method diffuses a task into distributed modules using recent cryptographic technology; doing so, it achieves increased security, privacy, availability and functionality without introducing any noticeable disadvantage. It uses *Magic Ink Signatures* [29], which are blind signatures that are distributedly generated using a threshold of signers, and where signatures can always be unblinded using (perhaps another) threshold of signers as well. Furthermore, we combine this with recent proactive technology, which enables a stronger adversarial setting. We also suggest techniques for reorganization of data stored and used by various functions, employing secure repository.

The result is an electronic money system that allows user anonymity and its revocation (a notion recently advocated by some works so as to prevent potential criminal actions.) The control over revoking anonymity is given to distributed modules that control a hidden alarm channel. As part of the task diffusion we find ways to simplify and reduce the overall complexity of the system. The revocation ability and distribution of the trust are efficient and allow a large degree of versatility in the functionality of the system (change mechanisms, numerous financial instruments: cash, charge, check, micro-payments, etc.).

## Keywords

Signature Scheme Blind Signature Certification Authority User Anonymity Blind Signature Scheme## Preview

Unable to display preview. Download preview PDF.

## References

- [1]G. Agnew, R.C. Mullin, S. Vanstone, “Improved digital signature scheme based on discrete exponentiation,” Electronics Letters, v. 26 1990, 1024–1025.Google Scholar
- [2]M. Bellare, S. Micali, “How To Sign Given Any Trap-Door Permutation,” Journal of the ACM, Vol. 39, No. 1, Jan 1992, pp. 214–233CrossRefGoogle Scholar
- [3]S. Brands, “Untraceable Off-line Cash in Wallets with Observers,” Proceedings of Crypto '93, pp. 302–318Google Scholar
- [4]E. Brickell, P. Gemmell, D. Kravitz, “Trustee-based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change,” Proc. 6th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), 1995, pp. 457–466Google Scholar
- [5]J. Camenisch, U. Maurer, M. Stadler, “Digital Payment Systems with Passive Anonymity-Revoking Trustees,” Computer Security-ESORICS 96, volume 1146, pp. 33–43Google Scholar
- [6]J. Camenisch, J-M. Piveteau, M. Stadler, “An Efficient Fair Payment System,” 3rd ACM Conference on Computer and Communications Security, 1996, pp. 88–94Google Scholar
- [7]D. Chaum, “Blind Signatures for Untraceable Payments,” Advances in Cryptology-Proceedings of Crypto '82, 1983, pp. 199–203Google Scholar
- [8]D. Chaum, H. Van Antwerpen, “Undeniable Signatures,” Crypto '89, pp. 212–216Google Scholar
- [9]D. Chaum, A. Fiat and M. Naor, “Untraceable Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '88, pp. 319–327Google Scholar
- [10]CitiBank and S. S. Rosen, “Electronic-Monetary System,” International Publication Number WO 93/10503; May 27 1993Google Scholar
- [11]A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung, “How to Share a Function Securely,” STOC 94, pp. 522–533Google Scholar
- [12]Y. Desmedt and Y. Frankel, “Threshold cryptosystems,” Crypto '89, pp. 307–315.Google Scholar
- [13]W. Diffie and M. E. Heilman, “New Directions in Cryptography,” IEEE Trans. Info. Theory IT-22, Nov. 1976, pp. 644–654Google Scholar
- [14]T. ElGamal “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” Crypto '84, pp. 10–18Google Scholar
- [15]S. Goldwasser and S. Micali, “Probabilistic Encryption & How To Play Mental Poker Keeping Secret All Partial Information,” Proceedings of the 18th ACM Symposium on the Theory of Computing, 1982, pp. 270–299Google Scholar
- [16]S. Goldwasser, S. Micali and R. Rivest, “A ‘Paradoxical’ Solution to the Signature Problem,” 25th Annual Symposium on Foundations of Computer Science, 1984, pp. 441–448Google Scholar
- [17]S. Goldwasser, S. Micali and R. Rivest, “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM Journal of Computing 17(2), April 1988, pp. 281–308CrossRefGoogle Scholar
- [18]IBM Research, “iKP-A Family of Secure Electronic Payment Protocols”, The First USENIX Workshop on Electronic Commerce, New York, July 1995Google Scholar
- [19]A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Public Key and Signature Systems,” ACM Comp. and Comm. Security '97, pp. 100–113Google Scholar
- [20]A. Herzberg, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Secret Sharing, or How to Cope with Perpetual Leakage,” Crypto '95, pp. 339–352Google Scholar
- [21]Y. Frankel, Y. Tsiounis, M. Yung, “Indirect Discourse Proofs: Achieving Efficient Fair Off-Line E-Cash“ Asiacrypt '96, pp. 286–300Google Scholar
- [22]M. Franklin and M. Yung, “Towards Provably Secure Efficient Electronic Cash,” Columbia Univ. Dept of C.S. TR CUCS-018-92, April 24, 1992Google Scholar
- [23]M. Franklin and M. Yung, “Blind Weak Signatures and its Applications: Putting Non-Cryptographic Secure Computation to Work,” Eurocrypt '94Google Scholar
- [24]N. Ferguson, “Extensions of Single-term Coins,” Crypto '93, pp. 292–301Google Scholar
- [25]R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, “Robust Threshold DSS Signatures“, Eurocrypt '96.Google Scholar
- [26]M. Jakobsson, “Ripping Coins for a Fair Exchange,” Eurocrypt '95, pp. 220–230Google Scholar
- [27]M. Jakobsson, “Privacy vs. Authenticity,” PhD Thesis, University of California, San Diego, Department of Computer Science and Engineering. See: http://www.cse.ucsd.edu/users/markus/.Google Scholar
- [28]M. Jakobsson and M. Yung, “Revocable and Versatile Electronic Money,” 3rd ACM Conference on Computer and Communications Security, 1996, pp. 76–87Google Scholar
- [29]M. Jakobsson and M. Yung, “Distributed ‘Magic Ink’ Signatures,” Advances in Cryptology-Proceedings of Eurocrypt '97, 1997.Google Scholar
- [30]S. H. Low, N. F. Maxemchuk and S. Paul, “Anonymous Credit Cards,” The Second ACM Conference on Computer and Communications Security, Nov. 1994, pp. 108–117Google Scholar
- [31]G. Medvinsky and B. C. Neuman, “Netcash: A design for practical electronic currency on the Internet,” The First ACM Conference on Computer and Communications Security, Nov. 1993, pp. 102–106.Google Scholar
- [32]G. Medvinsky and B. C. Neuman, “Requirements for Network Payment: The NetCheque
*TM*Perspective,” Compcon '95, pp. 32–36Google Scholar - [33]National Institute for Standards and Technology, “Digital Signature Standard (DSS),” Federal Register Vol 56(169), Aug 30, 1991Google Scholar
- [34]NBS FIPS PUB 46, “Data Encryption Standard,” National Bureau of Standards, U.S. Department of Commerce, Jan 1977Google Scholar
- [35]T. Okamoto and K. Ohta, “Disposable Zero-Knowledge Authentication and Their Applications to Untraceable Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '89, 1990, pp. 481–496Google Scholar
- [36]T. Okamoto and K. Ohta, “Universal Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '91, 1992, pp. 324–337Google Scholar
- [37]T. Okamoto, “An Efficient Divisible Electronic Cash Scheme,” Crypto '95, pp. 438–451Google Scholar
- [38]R. Ostrovsky and M. Yung, “How to withstand mobile virus attacks,” Proc. of the 10th ACM Symposium on the Principles in Distributed Computing, 1991, pp. 51–61.Google Scholar
- [39]B. Pfitzmann and M. Waidner, “How to break and repair a “provably secure“ payment system,” Crypto '91.Google Scholar
- [40]D. Pointcheval, J. Stern, “Security Proofs for Signature Schemes,” Eurocrypt '96, pp. 387–398Google Scholar
- [41]R. Rivest, “The MD5 Message Digest Algorithm,” RFC 1321, Apr. 1992Google Scholar
- [42]R. Rivest, A. Shamir, “PayWord and Micro-Mint-Two Simple Micropayment Schemes“, Manuscript.Google Scholar
- [43]R. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120–126CrossRefGoogle Scholar
- [44]C. P. Schnorr, “Efficient Signature Generation for Smart Cards,” Crypto '89, pp. 239–252Google Scholar
- [45]M. Sirbu and J. D. Tygar, “NetBill: An Internet Commerce System Optimized for Network Delivered Services,” Compcon '95, pp. 20–25Google Scholar
- [46]S. von Solms and D. Naccache, “On Blind Signatures and Perfect Crimes,” Computers and Security, 11 (1992) pp. 581–583CrossRefGoogle Scholar
- [47]M. Stadler, J-M. Piveteau, J. Camenisch, “Fair Blind Signatures,” Advances in Cryptology-Proceedings of Eurocrypt '95, 1995Google Scholar