Anonymous Electronic Commerce - Digital Cash As An Alternative Payment Mechanism

Submitted in partial fulfilment of the Bachelor of Science (Honours) degree of Rhodes University

Gareth Alan Howell
Computer Science Department

November 2000

Acknowledgements

To my family, for always supporting and encouraging me.

To my supervisors, John Ebden and Professor Peter Wentworth, for your guidance. Your ideas inspired me, and helped me to find direction and focus for this project.

To my girlfriend, Larine, for your love and encouragement (not to mention a good deal of proof reading).

To Professor Pat Terry, for lending me his exceptional proof reading skills. The time and effort he spent in correcting my grammar has greatly improved the standard of English in this project.

Lastly, to my saviour, Jesus Christ. You give me strength when I am weak, and courage when I am afraid. All the glory is yours.


Abstract

Credit cards are the only widely used means of payment on the Internet, but not everyone is eligible for a credit card, the per-transaction cost is high, and electronic transmission and storage of card details pose significant fraud and privacy risks. As more commerce moves onto the Internet, new payment systems need to be deployed that can support all forms of transactions. In the virtual world, the payment systems available to us should at least equal those that are available in the physical world. To achieve this we need an electronic equivalent to cash, which will allow for relatively cheap and anonymous transactions on the Internet. Many digital cash systems have been developed which allow for anonymous payments, yet determining what features we need, let alone what we are capable of implementing, is often confusing.

In this project we describe the key attributes of digital cash, and ways in which we can implement these attributes. Having examined the theory and analysed some current proposals, we adapt some existing classification schemes in the literature to produce our own classification scheme for electronic payment mechanisms, and digital cash in particular. We then consider a case study, the Rhodes University campus, classify the requirements in terms of our model, and use this framework to make recommendations for an electronic payment system on campus.


Contents

1 Introduction

2 Cryptography – A Look Behind the Scenes

2.1 Terms and Definitions

2.2 Symmetric Algorithms

2.3 Asymmetric Algorithms

2.3.1 Web of Trust

2.3.2 Certification Authorities

2.4 Hybrid Cryptosystems

2.5 Hash Functions

2.6 Digital Signatures

2.7 Bit Commitment

2.8 Secret Splitting

2.9 Review

3 The Mathematics of Digital Cash

3.1 RSA – A Public-key Cryptosystem

3.1.1 Generating a Key-pair in RSA

3.1.2 Encryption with RSA

3.1.3 Decryption with RSA

3.1.4 Issues in Public-key Cryptosystems

3.2 Blind Signatures

3.3 Review

4 What is Digital Cash?

4.1 Key Attributes of Digital Cash

4.1.1 Secure

4.1.2 Anonymous

4.1.3 Off-line capable

4.1.4 Portable

4.1.5 Two-way

4.1.6 Infinite Duration

4.1.7 Divisible

4.1.8 Widely Accepted

4.1.9 User-friendly

4.1.10 Unit-of-Value freedom

4.2 Optional Attributes of Digital Cash

4.2.1 Micropayments

4.2.2 Conditional Repudiation and Recovery

4.2.3 Scalable

4.3 Review

5 Achieving Digital Cash

5.1 Tamper Resistant Smart Cards

5.2 Developing a Digital Cash System

5.2.1 Secure

5.2.2 Anonymous

5.2.3 Off-line capable

5.2.4 Portable

5.2.5 Two-way

5.2.6 Infinite duration

5.2.7 Divisible

5.2.8 Widely Accepted

5.2.9 User-friendly

5.2.10 Unit-of-Value freedom

5.2.11 Micropayments

5.2.12 Conditional Repudiation and Recovery

5.2.13 Scalable

5.3 Review

6 iKP and SET – NOT Digital Cash

6.1 What is iKP?

6.1.1 iKP Security Levels

6.1.2 1KP Protocol

6.1.3 2KP Protocol

6.1.4 3KP Protocol

6.2 What is SET?

6.2.1 Benefits of SET

6.3 What About Digital Cash?

6.4 Review

7 Recommendations for Rhodes Campus

7.1 Analysis of Requirements

7.1.1 Small Payments

7.1.2 Large Payments

7.1.3 Classifying the Requirements

7.2 Designing a System

7.2.1 Quick Overview of PayMe

7.2.2 Designing for Requirements

7.3 Designing for Large Payments

7.3.1 Off-line

7.3.2 Partial Anonymity

7.3.3 Bursar Requirements

7.3.4 Peer-to-Peer Payments

7.3.5 Loading Cash

7.3.6 Depositing Cash

7.4 Concerns

7.5 Looking Ahead

7.6 Review

8 Conclusions and Future Research

8.1 Conclusion

8.1.1 Rhodes University

8.2 Future Research

References

Appendix A: Bibliography

Cryptography

Digital Cash

E-Commerce

Economic Issues

Mathematics

Political Issues

Security

General

Glossary

Index


List of Figures

Figure 1-1: Electronic payment systems

Figure 2-1: Encryption and decryption

Figure 2-2: Securing communication with a secret-key algorithm

Figure 2-3: Securing communication with a public-key algorithm

Figure 2-4: Man-in-the-middle attack

Figure 2-5: Encryption in a hybrid cryptosystem

Figure 2-6: Decryption in a hybrid cryptosystem

Figure 2-7: Digitally signing a message

Figure 2-8: Signing a message using one-way hash functions

Figure 6-1: 1KP Protocol

Figure 6-2: 2KP Protocol

Figure 6-3: 3KP Protocol


List of Tables

Table 6-1: iKP Security Levels


1  Introduction

“It is plausible that we could soon be living in a world without expectation of privacy, anywhere or at any time.”

-  Bruce Schneier

For thousands of years man has used some form of money as a means of trading. Tokens representing value, such as seashells, beads, and coins, have all been used as payment for goods or services. These tokens, which have been gradually replaced by government issued tender, have become our means of storing wealth. Over the last hundred years, a plethora of payment methods (including credit cards and cheques) have found their way into the consumer market, enabling us to use this wealth in new and innovative ways.

With the advent of the Internet, it became necessary for us to create payment mechanisms which allow for the electronic transfer of value. Although banks have been using electronic fund transfer (EFT) for many years, this approach is not suitable for consumer transactions in general. To date, there have been many systems developed which allow value to be transferred over the Internet, each offering different levels of security and anonymity, and different sets of features. Some of these systems share common features, but there is no general classification of these features available. The classification system adapted from [Grabbe, 1998c] helps us to better understand the landscape of electronic payments.


Figure 1-1 depicts the three categories of electronic payment systems available today, as well as specific implementations that fall within those categories.

·  Secure credit card transactions transmit credit card numbers securely over an open network (such as the Internet). These systems use the existing credit card network to process payments.

·  Credit-debit systems allow a user to open an account on a payment server, and authorise payments against this account. Depending on whether the account is allowed to have a negative balance or not, it is called a credit or debit system.

·  Digital token systems allow a user to purchase digital tokens and use these tokens as they would use cash. The tokens themselves represent value, just as bank notes and coins represent value.

Figure 1-1: Electronic payment systems

Coins have traditionally carried their own value in gold, silver, or copper, whereas notes carry a promise from an underwriter (such as a government or bank) to redeem the note for value. The physical value of bits is negligible, thus any digital token system would more closely resemble paper cash – it can be no more than a promise to redeem a digital token for value. The term ‘digital coin’ is used in the literature to refer to a single digital token that can be redeemed for value. It does not imply that the token carries its own value, as a physical coin would.

In the virtual world, the payment systems available to us should at least equal those that are available in the physical world. Each of the categories in Figure 1-1 has an analogous payment mechanism in the physical world. To complete the picture, we need an electronic equivalent to paper cash, which would allow for anonymous transactions on the Internet. The terms ‘digital cash’, ‘e-cash’, and ‘electronic cash’ are used interchangeably to refer to an electronic equivalent to paper cash. They form a subset of the digital token systems in Figure 1-1.

In this project we explain what digital cash is, and how to achieve it. Having examined the theory and analysed some current proposals, we adapt some existing classification schemes in the literature to produce our own classification scheme for electronic payment mechanisms, and digital cash in particular. We then consider a case study, the Rhodes University campus, classify the requirements in terms of our model, and use this framework to make recommendations for an electronic payment system on campus.


Our discussion about digital cash proceeds as follows:

Chapter 2 is an introduction to basic cryptography, including how public-key cryptography and digital signatures work. Cryptography is used in almost every secure electronic payment system, and is an essential component in protecting against fraud and providing anonymity, thus a basic understanding of it is important.

Chapter 3 looks at the mathematics behind some of the algorithms necessary to implement digital cash. These algorithms form the core of digital cash, and are also discussed at a higher level in Chapter 5.

Chapter 4 presents a detailed description of what attributes an electronic payment system must satisfy in order to be considered digital cash. These attributes are fairly general, and help determine the quality of proposed digital cash systems.

Chapter 5 discusses ways in which we can achieve some of the attributes of digital cash presented in Chapter 4. No system exists which satisfies all the criteria of Chapter 4, but properties of systems that satisfy some of the criteria are discussed.

Chapter 6 presents an overview of iKP, a family of protocols developed by IBM to allow for secure credit card transactions on the Internet. iKP is then contrasted with digital cash systems. This is important because it presents a broader overview of electronic payment schemes, and helps clarify digital cash. By the end of this chapter we are in a position to adopt and motivate the classification shown in Figure 1-1.

Chapter 7 is a case study, which draws on all the previous chapters to make a recommendation for an electronic payment system that might be used on the Rhodes University campus.

Chapter 8 concludes by summarising what we are capable of doing with digital cash, and the areas that still need more research.

2  Cryptography – A Look Behind the Scenes

“Without cryptography, e-commerce could never enter the mainstream.”

-  Bruce Schneier

Cryptography is the most basic building block of any secure transaction. It provides us with confidentiality (hiding of message contents), authentication (determining the origin of a message), integrity (verifying that a message has not been modified in transit), and non-repudiation (not allowing a sender to deny that he sent a message) [Schneier, 1996]. It gives us a virtual envelope in which to hide our message, and a virtual pen with which to sign it.

2.1  Terms and Definitions

The content of a message is called the plaintext, or cleartext. Sending a message in plaintext is like writing all your correspondence on the back of a postcard – it is easily readable by anyone. Encryption is the process that allows us to hide the contents of a message. Plaintext is encrypted to produce ciphertext, which can then be decrypted to reproduce the original plaintext [Schneier, 1996].

A cryptographic algorithm, or cipher, is a mathematical function used to encrypt plaintext and decrypt ciphertext. Two separate algorithms are normally used for encryption and decryption. Modern cryptography has learnt the hard way that strong encryption should not depend on the secrecy of the cryptographic algorithm. A key is used together with the cryptographic algorithm, making the encryption and decryption dependent on this key. The length of the key is important in order to prevent brute force attacks on the cipher. A brute force attack is one where every possible key in the keyspace (range of all possible values of a key) is tried until the correct decryption is found. A longer key makes it more difficult to launch a brute force attack, but also makes encryption and decryption take longer[1] [Schneier, 1996].

We denote the plaintext of a message by m, and the ciphertext by c. E_K(m) denotes the encryption of a plaintext message m with respect to a key K. D_K(c) denotes the decryption of the ciphertext c with respect to a key K. Thus,

D_K(E_K(m)) = D_K(c) = m

for a cipher that uses the same key for encryption and decryption.
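
The relation above, and the brute force attack defined earlier in this section, can be made concrete with a short added example (not part of the original project). It assumes a toy secret-key cipher built from a SHA-256 keystream, which is not a vetted algorithm; the names E, D, brute_force and years_to_search, the 16-bit key and the message are constructed for illustration.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """n pseudo-random bytes derived from the key (toy construction, not a vetted cipher)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def E(key: bytes, m: bytes) -> bytes:
    """E_K(m): XOR the plaintext with the key-dependent keystream."""
    return bytes(a ^ b for a, b in zip(m, keystream(key, len(m))))

def D(key: bytes, c: bytes) -> bytes:
    """D_K(c): the same XOR undoes the encryption, so D_K(E_K(m)) = m."""
    return E(key, c)

def brute_force(c: bytes, known_start: bytes, key_bits: int):
    """Try every key in a key_bits-bit keyspace until the decryption starts
    with known_start. Returns (key, keys_tried), or (None, keyspace size)."""
    key_len = (key_bits + 7) // 8
    head = c[:len(known_start)]
    for k in range(2 ** key_bits):
        key = k.to_bytes(key_len, "big")
        if D(key, head) == known_start:
            return key, k + 1
    return None, 2 ** key_bits

def years_to_search(key_bits: int, keys_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace at an assumed trial rate."""
    return 2 ** key_bits / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    secret = (0xBEEF).to_bytes(2, "big")   # constructed 16-bit key
    c = E(secret, b"PAY 100 TO BOB")       # constructed message
    print(D(secret, c))                    # the original plaintext
    print(brute_force(c, b"PAY 100 ", 16)) # key recovered by exhaustive search
    for bits in (16, 56, 128):             # each extra bit doubles the work
        print(bits, years_to_search(bits, 1e9))
```

The algorithm here is fully public; only the key is secret, and the 16-bit key falls to exhaustive search almost immediately, while the same search over a 128-bit keyspace is out of reach at the assumed rate of 10^9 trials per second.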

Figure 2-1 [Network Associates, 1999] illustrates the process of encrypting plaintext to produce ciphertext, and decrypting the ciphertext to reproduce the plaintext.

Figure 2-1: Encryption and decryption

2.2  Symmetric Algorithms

The first type of key-based cryptographic algorithm is a symmetric algorithm. In such an algorithm, the encryption key can be calculated from the decryption key, and vice versa. In most symmetric algorithms, the encryption and decryption keys are the same. These are called secret-key algorithms. The security of the algorithm is achieved by keeping the key secret [Schneier, 1996]. In a secret-key algorithm:

E_K(m) = c

D_K(c) = m

Symmetric algorithms are good for encrypting one’s own files, but less useful for encrypting messages to other people. This is because both the sender and receiver have to agree on a secret key before they can communicate securely. In order to do this they need a secure channel over which to transmit the key. Figure 2-2 [Menezes et al, 1996] shows how Alice uses a secure channel to agree on a key with Bob, which is then used to encrypt messages over an unsecured channel, monitored by an adversary who wants to read their messages.