Cryptography Reference
In-Depth Information
Analysis
Untraceability
: The above scheme ensures anonymity for Bob, as a legit-
imate user. In other words, his identityis untraceable. When he spends the
coin, the bank must honour it since the bank's signature is on it. However,
since it is unable to recognize the specific coin, given that it was blinded when
signed, the bank does not know who made the payment. However, if Bob is not
a legitimate user and tries to spend the coin twice, the bank can detect him in
step 3 of the spending stage. The attentive reader will have noticed that we
assumed that the binarystrings were different in step 4, if Bob is illegitimate.
This is not 100% certain but the probabilitythat they
are
the same is 1 in 2
100
,
which is
extremely
unlikely. This legitimate use of digital cash ensures that it
is
anonymous digital cash
. This mimics the use of real paper cash where the
use is anonymous and untraceable. The other type of digital cash is
identified
digital cash
, which mimics the use of a credit card, allowing a bank to track the
transaction as it moves through the system. This is not used often since users
want the untraceable property.
Security
: This is a propertyguaranteed byboth step 4 of spending, which
tells us that the coins cannot be copied and reused, and the fact that the bank
keeps its signature
d
secure, along with identitydata.
Integrity
: This is a propertysatisfied byECash since the scheme is based
upon the securityof RSA, which we have seen to be valid when properlyimple-
mented.
Authenticity
This is a propertyguaranteed bystep 4 of spending since
Bob, as a legitimate user, is protected from impersonation.
OBine
: Since an illegitimate user can be identified in step 4 of spending,
then it is not necessaryto check the coins immediatelysince a cheater would
be identified later. Thus, the o
T
ine propertyexists for the scheme, since the
vendor does not have to check at the time of payment (online), but rather can
do so later (oTine).
5.6
Recovery
: ECash has a special built-in recoveryprotocol executed between
Bob and the bank that allows all the coins that have been withdrawn byBob
to be reconstructed. Thus, if there is a system crash, or computer crash, in
the middle of a payment attempt over the Internet, these reconstructed coins
can be redeemed at the bank (but onlythose coins not alreadyin its used coin
database). Recoveryof ECash coins can be accomplished over the Internet
with the click of a button.
Coin Denominations
: Our simplified version of the ECash scheme did
not address the issue of different coin denominations. The ECash scheme uses
a different RSA public exponent for each denomination, but the same RSA
modulus
n
for each of them. Then the above ECash scheme is executed in
parallel for as manyiterations necessaryto withdraw the required amount.
5.6
All of the above characteristics thus far in this analysis, are aspects of what Okamoto and
Ohta described as the
ideal
digital cash scheme. See [182].
Search WWH ::
Custom Search