Cryptography Reference
In-Depth Information
and someone tries to “spend” the coin, called
double spending
, the bank would
inform that the coin is a worthless copy.
Blinding
This is the technique first mentioned on page 177. We repeat it
here to put it in the context of e-commerce. Suppose that Bob has an account
at the bank, and that
m
is the identification number of a coin. Bob's selects a
random integer
z
)
∗
(called the
blinding factor
), computes
∈
(
Z
/n
Z
z
e
m
(mod
n
),
s
≡
(called
blinding
).
s
d
(mod
n
),
and sends
t
to Bob, who computes
tz
−
1
(mod
n
), called
unblinding
. Since
He sends the
blinded message
s
to the bank, which computes
t
≡
tz
−
1
s
d
z
−
1
z
ed
m
d
z
−
1
zm
d
z
−
1
m
d
(mod
n
)
,
≡
≡
≡
≡
given that
ed
1(mod
φ
(
n
)), the bank has blindlysigned the identification
number, validated with its signature. Of course, some validitychecks must be
done on Bob before this signing.
≡
Money Order
This consists of digital data, which contains Bob's iden-
tifying data, together with the identification number
m
of a coin, and its de-
nomination. For instance, a $100 moneyorder is given by($100
,m
(mod
n
)
,I
B
)
where
I
B
is a digital data string uniquelyidentifying Bob. Thus,
m
is a “blank”
coin awaiting the banks signature
m
d
to validate it.
Cut-and-Choose Protocol
The classic cut-and-choose protocol, for di-
viding anything equitably, is described as follows. Alice cuts the thing in half,
Bob chooses one half for himself, and leaves the other half for Alice. For in-
stance, if theyboth want a piece of an apple, this ensures that Alice will be as
fair as possible in her cutting, since Bob chooses first. Below, we will show how
the bank uses this notion on the moneyorders generated byBob.
The next topic has alreadybeen covered in detail in Section 5.5. However,
for the convenience of the reader, we present the basics for what is needed herein.
Secret Splitting
This is anyprotocol that takes a message, and divides it
into pieces each of which is meaningless in itself, but when pieced back together
yields the original message. For instance, given the assistance of Trent, Alice
and Bob can split a message
m
via the following protocol.
1. Trent generates a random bitstring
b
with bitlength equal to that of
m
and
creates
b
⊕
m
=
r
, where
⊕
is addition modulo 2.
2. Trent gives
b
to Alice and
r
to Bob, with
b
and
r
having no meaning unto
themselves individually.
3. Alice and Bob can piece together the information to retrieve the original
message via
b
⊕
r
=
m
.
Before describing the ECash scheme in detail, we will begin with an outline of
how it works in verbiage only, then proceed to add the mathematical description.
Search WWH ::
Custom Search