27-10-2016, 09:10 AM
1461500803-ecash.pdf (Size: 95.7 KB / Downloads: 2)
INTRODUCTION
With the onset of the Information Age, our nation is becoming increasingly dependent upon network
communications. Computer-based technology is significantly impacting our ability to access, store,
and distribute information. Among the most important uses of this technology is electronic commerce:
performing financial transactions via electronic information exchanged over telecommunications lines.
A key requirement for electronic commerce is the development of secure and efficient electronic
payment systems. The need for security is highlighted by the rise of the Internet, which promises to be a
leading medium for future electronic commerce. Electronic payment systems come in many forms
including digital checks, debit cards, credit cards, and stored value cards. The usual security
features for such systems are privacy (protection from eavesdropping), authenticity (provides user
identification and message integrity), and no repudiation (prevention of later denying having performed
a transaction). The type of electronic payment system focused on in this paper is electronic cash. As the
name implies, electronic cash is an attempt to construct an electronic payment system modelled after
our paper cash system. Paper cash has such features as being: portable (easily carried), recognizable (as
legal tender) hence readily acceptable, transferable (without involvement of the financial
network), untraceable (no record of where money is spent), anonymous (no record of who spent the
money) and has the ability to make "change." The designers of electronic cash focused on preserving the
features of untraceability and anonymity. Thus, electronic cash is defined to be an electronic payment
system that provides, in addition to the above security features, the properties of user anonymity and
payment untraceability.. In general, electronic cash schemes achieve these security goals via digital
signatures. They can be considered the digital analog to a handwritten signature. Digital signatures are
based on public key cryptography. In such a cryptosystem, each user has a secret key and a
public key. The secret key is used to create a digital signature and the public key is needed to verify the
digital signature. To tell who has signed the information (also called the message), one must
be certainone knows who owns a given public key. This is the problem of key management, and its
solution requires some kind of authentication infrastructure. In addition, the system must have adequate
network and physical security to safeguard the secrecy of the secret keys.
This report has surveyed the academic literature for cryptographic techniques for implementing secure
electronic cash systems. Several innovative payment schemes providing user anonymity and
payment untraceability have been found. Although no particular payment system has been thoroughly
analyzed, the cryptography itself appears to be sound and to deliver the promised anonymity. These
schemes are far less satisfactory, however, from a law enforcement point of view. In particular, the
dangers of money laundering and counterfeiting are potentially far more serious than with paper cash.
These problems exist in any electronic payment system, but they are made much worse by the presence
of anonymity. Indeed, the widespread use of electronic cash would increase the vulnerability of the
national financial system to Information Warfare attacks. We discuss measures to manage these risks;
these steps, however, would have the effect of limiting the users' anonymity.
WHAT IS ELECTRONIC CASH?
We begin by carefully defining "electronic cash." This term is often applied to any electronic payment
scheme that superficially resembles cash to the user. In fact, however, electronic cash is a specific kind of
electronic payment scheme, defined by certain cryptographic properties. We now focus on these
properties.
1 Electronic Payment
The term electronic commerce refers to any financial transaction involving the electronic transmission of
information. The packets of information being transmitted are commonly called electronic tokens.
One should not confuse the token, which is a sequence of bits, with the physical media used to store and
transmit the information. We will refer to the storage medium as a card since it commonly takes
the form of a wallet-sized card made of plastic or cardboard. (Two obvious examples are credit cards and
ATM cards.) However, the "card" could also be, e.g., a computer memory. A particular kind of electronic
commerce is that of electronic payment. An electronic payment protocol is a series of transactions, at
the end of which a payment has been made, using a token issued by a third party. The most common
example is that of credit cards when an electronic approval process is used. Note that our definition
implies that neither payer nor payee issues the token.l The electronic payment scenario assumes three
kinds of players
A payer or consumer, whom we will name Alice. A payee, such as a merchant. We will name the payee
Bob. A financial network with whom both Alice and Bob have accounts. We will informally refer to the
financial network as the Bank.
2 Conceptual Framework
There are four major components in an electronic cash system: issuers, customers, merchants, and
regulators. Issuers can be banks, or non-bank institutions; customers are referred to users who spend ECash;
merchants are vendors who receive E-Cash, and regulators are defined as related government
agencies. For an E-Cash transaction to occur, we need to go through at least three stages:
1. Account Setup: Customers will need to obtain E-Cash accounts through certain issuers. Merchants
who would like to accept E-Cash will also need to arrange accounts from various E-Cash issuers. Issuers
typically handle accounting for customers and merchants.
2. Purchase: Customers purchase certain goods or services, and give the merchants tokens which
represent equivalent E-Cash. Purchase information is usually encrypted when transmitting in the
networks.
3. Authentication: Merchants will need to contact E-Cash issuers about the purchase and the amount of
E-Cash involved. E-Cash issuers will then authenticate the transaction and approve the amount E-Cash
involved.An interaction representing the below transaction is illustrated in the graph below.
3. Classification of e-Cash
E-Cash could be on-line, or off-line. On-Line E-Cash refers to amount of digital money kept by your ECash
issuers, which is only accessible via the network. Off-line E-Cash refers to digital money which you
keep in your electronic wallet or other forms of off-line devices. Another way to look at E-Cash is to see if
it is traceable or not. On-line credit card payment is considered as a kind of "Identified" E-Cash since the
buyer's identity can be traced. Contrary to Identified E- Cash, we have "anonymous" E-Cash which hides
buyer's identity. These procedures can be implemented in either of two ways:
2.1 On-line payment means that Bob calls the Bank and verifies the validity of Alice's token3 before
accepting her payment and delivering his merchandise. (This resembles many of today's credit card
transactions.)
2.2 Off-line payment means that Bob submits Alice's electronic coin for verification and deposit
sometime after the payment transaction is completed. (This method resembles how we make small
purchases today by personal check.)
Note that with an on-line system, the payment and deposit are not separate steps. We will refer to online
cash and off-line cash schemes, omitting the word "electronic" since there is no danger of confusion
with paper cash.
4 Properties of Electronics Cash
Specifically, e-cash must have the following four properties, monetary value, interoperability ,
retrievability & security.
3.1 Monetrary value E-cash must have a monetary value; it must be backed by either cash (currency), or
a back-certified cashiers checqe when e-cash create by one bank is accepted by others , reconciliation
must occur without any problem. Stated another way e-cash without proper bank certification carries
the risk that when deposited, it might be return for insufficient funds.
3.2 Interoperable E-cash must be interoperable that is exchangeable as payment for other e-cash, paper
cash, goods or services , lines of credits, deposit in banking accounts, bank notes , electronic benefits
transfer ,and the like .
3.3 Storable & Retrievable Remote storage and retrievable ( e.g. from a telephone and communication
device) would allow user to exchange e-cash ( e.g. withdraw from and deposit into banking accounts)
from home or office or while traveling .the cash could be storage on a remote computerâ„¢s memory, in
smart cards or in other easily transported standard or special purpose device. Because it might be easy
to create counterfeit case that is stored in a computer it might be preferable to store cash on a dedicated
device that can not be alerted. This device should have a suitable interface to facilitate personnel
authentication using password or other means and a display so that the user can view the cards
content .
5. E-Cash Security
Security is of extreme importance when dealing with monetary transactions. Faith in the security of the
medium of exchange, whether paper or digital, is essential for the economy to function.There are several
aspects to security when dealing with E-cash. The first issue is the security of the transaction.How does
one know that the E-cash is valid? Encryption and special serial numbers are suppose to allow the
issuing bank to verify (quickly) the authenticity of E-cash. These methods are
suseptible to hackers, just as paper currency can be counterfeited. However, promoters of E-cash point
out that the encryption methods used for electronic money are the same as those used to protect
nuclear weapon systems. The encryption security has to also extend to the smartcard chips to insure
that they are tamper resistant. While it is feasible that a system wide breach could occur, it is highly
unlikely. Just as the Federal Government keeps a step ahead of the counterfeiters, cryptography stays a
step ahead of hackers.
1 Physical security of the E-cash is also a concern. If a hard drive crashes, or a smartcard is lost, the Ecash
is lost. It is just as if one lost a paper currency filled wallet. The industry is still developing
rules/mechanisms for dealing with such losses, but for the most part, E-cash is being treated as paper
cash in terms of physical security.
2 Signature and Identification. In a public key system, a user identifies herself by proving that she knows
her secret key without revealing it. This is done by performing some operation using the secret keywhich
anyone can check or undo using the public key. This is called identification. If one uses a message as well
as one's secret key, one is performing a digital signature on the message. The digital signature plays the
same role as a handwritten signature: identifying the author of the message in a way which cannot be
repudiated, and confirming the integrity of the message.
3 Secure Hashing A hash function is a map from all possible strings of bits of any length to a bit string of
fixed length. Such functions are often required to be collision-free: that is, it must be computationally
difficult to find two inputs that hash to the same value. If a hash function is both one-way and collisionfree,
it is said to be a secure hash. The most common use of secure hash functions is in digita
signatures. Messages might come in any size, but a given public-key algorithm requires working in a set
of fixed size. Thus one hashes the message and signs the secure hash rather than the message itself. The
hash is required to be one-way to prevent signature forgery, i.e., constructing a valid-looking signature of
a message without using the secret key. The hash must be collision-free to prevent repudiation, i.e.,
denying having signed one message by producing another message with the same hash. Note that token
forgery is not the same thing as signature forgery. Forging the Bank's digital signature without knowing
its secret key is one way of committing token forgery, but not the only way. A bank employee or hacker,
for instance, could "borrow" the Bank's secret key and validly sign a token.
E-Cash Regulation
A new medium of exchange presents new challenges to existing laws. Largely, the laws and systems used
to regulate paper currency are insufficient to govern digital money.The legal challenges of E-cash entail
concerns over taxes and currency issuers. In addition, consumer liability from bank cards will also have to
be addressed (currently $50 for credit cards). E-cash removes the intermediary from currency
transactions, but this also removes much of the regulation of the currency in the current system.
Tax questions immediately arise as to how to prevent tax evasion at the income or consumption level. If
cash-like transactions become easier and less costly, monitoring this potential underground economy
may be extremely difficult, if not impossible, for the IRS.The more daunting legal problem is controlling a
potential explosion of private currencies. Large institutions that are handling many transactions may
issue electronic money in their own currency. The currency would not be backed by the full faith of the
United States, but by the full faith of the institution. This is not a problem with paper currency, but until
the legal system catches up with the digital world, it may present a problem with e-cash.
Electronic Cash under Current Banking Law
Introduction
The current federal banking system originated during the Civil War with the enactment of the National
Bank Act of 1864 and the creation of a true national currency.[1] Since the enactment of that first major
federal banking legislation, an elaborate, complex and overlapping web of statutes and regulations has
developed governing banking institutions and the "business of banking" in the United States.
[3] The rapidly developing electronic cash technologies raise numerous questions of first impression as
to whether these technologies fall within existing banking regulation, and if so, how.[4]There are also
questions as to how the technologies mesh with the existing payments system.[5] Indeed, certain of the
new technologies raise the possibility of a
new payments system that could operate outside the existing system. Even if it could not, there are
numerous legal questions as to what law governs their operation and as to the applicability of existing
banking law to these technologies. This article identifies and briefly addresses some of the key issues,
which include, among others, bank regulatory, consumer protection, financial privacy and risk allocation
issues as well as matters of monetary policy. Because the legal conclusions as to the applicability of
banking statutes to any particular electronic cash arrangement may depend in large part upon the
specific facts presented by that arrangement, this article of necessity provides only general responses to
the complex legal issues involved in this area.
Existing and Proposed Retail Payment SystemsThere are a number of conventional mediums of payment
in the traditional retail system. They include, for example: coins and currency; checks; money orders;
travelers' checks; bankers' acceptances; letters of credit; and credit cards. There also are
several electronic fund transfer ("EFT") systems in wide use today, including: Automated Teller Machines
("ATMs"): automated devices used to accept deposits, disburse cash drawn against a customer's deminf
account or pre-approved loan account or credit card, transfer funds between
accounts, pay bills and obtain account balance information. ¢ Debit Cards: cards used for purchases
which automatically provide immediate payment to the merchant through a point-of-sale ("POS")
system by debiting the customer's deposit account. ¢ POS Systems: systems that provide computerized
methods of verifying checks and credit availabilities, and debiting or crediting customer accounts.
The new "electronic cash" technologies that are the subject of this article include a wide variety of
approaches in which monetary "value" is stored in the form of electronic signals either on a plastic card
("Stored Value Card Systems") or on a computer drive or disk ("E-Cash Systems"). As is discussed below,
some of these approaches require a network infrastructure and third party payment servers to
process transactions; others allow the direct exchange of "value" between remote transacting parties
without requiring on-line third-party payment servers. These developing electronic cash systems differ
from EFT systems in various respects. A key difference is that in electronic cash systems
the monetary value has been transferred to the consumer's stored value card or computer or other
device before the customer uses it, whereas in EFT systems the value is not transferred toa device
controlled by the customer. Rather, the EFT system is itself the mechanism to transfer value between the
customer's deposit account and the merchant's or other third party's deposit account.
a. Customer establishes account with issuer ("Virtual Bank") by depositing funds with Issuer.
b. Issuer holds funds from customer for future draw by recipient of value from customer.
c. When customer wants to make purchase over the Internet, customer sends encrypted electronic email
message to Virtual Bank requesting funding. Message contains unique digital "signature."
d. Virtual Bank debits customer's account and sends customer digital cash via phone lines to customer's
computer. Digital cash system may create audit trail of transactions or may be anonymous, depending
upon the particular system. In anonymous system, Virtual Bank adds private signature that
only it can create. Computer users can decode public version of signature using key (provided by Virtual
Bank) to verify that digital cash was issued by Virtual Bank.
e. Customer transmits digital cash to vendor, who can verify its authenticity and have it credited to
vendor's account with Virtual Bank, or who can e-mail it to another person or bank account.
f. In all likelihood, Virtual Bank will charge customer and/or vendor a transaction fee or service charge for
use of system (although anonymous systems raise different issues in this regard from accountable
systems)
DIGITAL CASH SYSTEMS
1. Types and Examples of E-Cash Transactions Electronic cash used over computer networks (usually
without involving a plastic card), variously called "digital cash," "electronic cash," "e-cash,"
"cybercurrency," or "cybercash," among other phrases, may have various characteristics. For example, it
may require on-line third-party payment servers to process transactions, or it may be designed so that
value can be exchanged directly between remote transacting parties (e.g., purchaser and vendor)
without the involvement of on-line or off-line third-party payment servers. Digital cash systems are
under development in Europe and the U.S. and include:
Digital Cash an Amsterdam based firm that makes stored value cards for electronic transactions, is
running trials of on-line currency in Holland. In proposed full-blown arrangement, customers would use
local currency to buy equivalent amount of digital cash from a bank. Bank's computer would instruct
special software on user's own PC to issue that amount of money. Instructions would be coded strings of
numbers included in e-mail messages. Users would spend their electronic cash by sending these strings
to sellers. String is untraceable (bank can say only if the number is valid, not to whom it was issued), so
this framework would offer anonymity. First Virtual Holdings, a California company that has built a creditcard
payment system that relies on a private e-mail network to circumvent Internet security problems, began
operating on the Internet in the fall of 1994. Both buyer and seller must have accounts with
First Virtual Holdings. When buyer wishes to purchase an item over the Internet, buyer gives seller buyer's
account number. Seller ships product. Seller e-mails lists of purchases to First Virtual. First Virtual e-mails
buyers to confirm transactions. It is reported that once buyer confirms, First Virtual charges buyer's
conventional credit card and money is transferred to seller's account. If buyer does not confirm, First Virtual
withholds settlement.
2. Potential Steps in Digital Cash Transactions
While there are many possible approaches to structuring digital cash
transactions.
A Simplified Electronic Cash Protocol
We now present a simplified electronic cash system, without the anonymity features.
1 PROTOCOL 1: On-line electronic payment.
Withdrawal: Alice sends a withdrawal request to the Bank. Bank prepares an electronic coin and digitally
signs it. Bank sends coin to Alice and debits her account.
Payment/Deposit: Alice gives Bob the coin. Bob contacts Bank and sends coin. Bank verifies the Bank's
digital signature. Bank verifies that coin has not already been spent. Bank consults its withdrawal records
to confirm Alice's withdrawal. (optional)
Bank enters coin in spent-coin database. Bank credits Bob's account and informs Bob. Bob gives Alice the
merchandise. One should keep in mind that the term "Bank" refers to the financial system that issues
and clears the coins. For example, the Bank might be a credit card company, or the overall banking
system. In the latter case, Alice and Bob might have separate banks. If that is so, then the
"deposit" procedure is a little more complicated Bob's bank contacts Alice's bank, "cashes in" the
coin,and puts the money in Bob's account.
2 PROTOCOL 2: Off-line electronic payment.
Withdrawal: Alice sends a withdrawal request to the Bank. Bank prepares an electronic coin and digitally
signs it. Bank sends coin to Alice and debits her account. Payment: Alice gives Bob the coin. Bob verifies
the Bank's digital signature. (optional) Bob gives Alice the merchandise.
Deposit: Bob sends coin to the Bank. Bank verifies the Bank's digital signature. Bank verifies that coin has
not already been spent. Bank consults its withdrawal records to confirm Alice's withdrawal.
(optional) Bank enters coin in spent-coin database.
Bank credits Bob's account. The above protocols use digital signatures to achieve authenticity.
The authenticity features could have been achieved in other ways, but we need to use digital signatures
to allow for the anonymity mechanisms we are about to add.
Untraceable Electronic Payments
In this section, we modify the above protocols to include payment untraceability. For this, it is necessary that
the Bank not be able to link a specific withdrawal with a specific deposit. This is accomplished using a special
kind of digital signature called a blind signature. We will give examples of blind signatures in 3.2, but for now
we give only a high-level description. In the withdrawal step, the user changes the message to be signed using
a random quantity. This step is called "blinding" the coin, and the random quantity is called the
blinding factor. The Bank signs this random-looking text, and the user removes the blinding factor. The user
now has a legitimate electronic coin signed by the Bank. The Bank will see this coin when it is submitted
for deposit, but will not know who withdrew it since the random blinding factors are unknown to the Bank.
(Obviously, it will no longer be possible to do the checking of the withdrawal records that was an
optional step in the first two protocols.) Note that the Bank does not know what it is signing in the
withdrawal step. This introduces the possibility that the Bank might be signing something other than what it
is intending to sign. To prevent this, we specify that a Bank's digital signature by a given secret key is valid
only as authorizing a withdrawal of a fixed amount. For example, the Bank could have one key for a $10
withdrawal, another for a $50 withdrawal, and so on.7 In order to achieve either anonymity feature, it is of
course necessary that the pool of electronic coins be a large one. one could also broaden the concept of
"blind signature" to include interactive protocols where both parties contribute random elements to the
message to be signed.
PROTOCOL 3: Untraceable On-line electronic payment.
Withdrawal: Alice creates an electronic coin and blinds it. Alice sends the blinded coin to the Bank with a
withdrawal request. Bank digitally signs the blinded coin. Bank sends the signed blinded coin to Alice and
debits her account. Alice unblinds the signed coin. Payment/Deposit: Alice gives Bob the coin. Bob contacts
Bank and sends coin. Bank verifies the Bank's digital signature. Bank verifies that coin has not already been
spent. Bank enters coin in spent-coin database. Bank credits Bob's account and informs Bob. Bob gives Alice
the merchandise.
PROTOCOL 4: Untraceable Off-line electronic payment.
Withdrawal: Alice creates an electronic coin and blinds it. Alice sends the blinded coin to the Bank with a
withdrawal request. Bank digitally signs the blinded coin. Bank sends the signed blinded coin to Alice and
debits her account. Alice unblinds the signed coin. Payment: Alice gives Bob the coin. Bob gives Alice the
merchandise.
Deposit: Bob sends coin to the Bank. Bank verifies the Bank's digital signature. Bank verifies that coin has not
already been spent. Bank enters coin in spent-coin database. Bank credits Bob's account.
Including Identifying Information
We must first be more specific about how to include (and access when necessary) the identifying information
meant to catch multiple spenders. There are two ways of doing it: the cut-and-choose method and zeroknowledge
proofs. Cut and Choose. When Alice wishes to make a withdrawal, she first constructs and blinds a
message consisting of K pairs of numbers, where K is large enough that an event with probability 2-K will
never happen in practice. These numbers have the property that one can identify Alice given both pieces of a
pair, but unmatched pieces are useless. She then obtains signature of this blinded message from the Bank.
(This is done in such a way that the Bank can check that the K pairs of numbers are present and have the
required properties, despite the blinding.) When Alice spends her coins with Bob, his challenge to her is a
string of K random bits. For each bit, Alice sends the appropriate piece of the corresponding pair. For
example, if the bit string starts 0110. . ., then Alice sends the first piece of the first pair, the second piece of
the second pair, the second piece of the third pair, the first piece of the fourth pair, etc. When Bob deposits
the coin at the Bank, he sends on these K pieces. If Alice re-spends her coin, she is challenged a second time.
Since each challenge is a random bit string, the new challenge is bound to disagree with the old one in at least
one bit. Thus Alice will have to reveal the other piece of the corresponding pair. When the Bank receives the
coin a second time, it takes the two pieces and combines them to reveal Alice's identity.
Although conceptually simple, this scheme is not very efficient, since each coin must be accompanied by 2K
large numbers.
E-cash will be a major leap for the Indian consumer
In the beginning, there was barter. Then came currency, cheques, credit cards. And now we have E-cash, a
new concept launched by Escorts Finance which, if it succeeds, will mark a important step towards electronic
commerce and digital cash. Jayant Dang, Managing Director of Escorts Finance, spoke to Tanmaya Kumar
Nanda about how E-cash operates and the company's plans for the future. *How exactly does E-cash
work? Well, it's really very simple. Basically, it's an ordinary card, made by Shlumberger, but with a very smart
mind. Instead of a magnetic strip, you have an actual microchip containing all the data about that particular
account is built into the card. All you have to do is operate the card with a unique Personal Identification
Number (PIN) that gives you credit facilities as well as full security against misuse as long as you keep it to
yourself. The customer has to pay an annual sum for the use of the card.
* How does that make it any different from any of the other credit
cards that have flooded the market? In the first place, E-cash is not a credit card. Here, all that you have to do
is deposit any amount of money with either the company or with any of the outlets that have E-cash facilities.
In return, you get the card which can then be used to make any purchase that you want. And
the company will be installing Verifone terminals at its own cost at stores across Delhi, to begin with. The
difference is that E-cash is essentially your own cash that you are using, unlike a credit card where the bank is
lending you the money at a given interest rate. With E-cash, there's no interest because it's your money to
being with. Also, transaction is much faster -- all it takes is about 45 seconds for the whole operation. The
customer will not be paid an interest on the amount deposited with us because we are not a savings bank.
But there will be bonuses given for large amounts deposited with us. bank accounts. Also, in the West, credit
and debit cards work better because of better online connectivity, so cash cards are low-value affairs.
CONCLUSION
Electronic cash system must have a way to protect against multiple spending. If the system is implemented
on-line, then multiple spending can be prevented by maintaining a database of spent coins and checking this
list with each payment. If the system is implemented off-line, then there is no way to prevent multiple
spending cryptographically, but it can be detected when the coins are deposited. Cryptographic solutions
have been proposed that will reveal the identity of the multiple spenders while preserving user anonymity
otherwise. Token forgery can be prevented in an electronic cash system as long as the cryptography is sound
and securely implemented, the secret keys used to sign coins are not compromised, and integrity is
maintained on the public keys. However, if there is a security flaw or a key compromise, the anonymity of
electronic cash will delay detection of the problem. Even after the existence of a compromise is detected,
the Bank will not be able to distinguish its own valid coins from forged ones. The untraceability property of
electronic cash creates problems in detecting money laundering and tax evasion because there is no way to
link the payer and payee. However, this is not a solution to the token forgery problem because there may be
no way to know which deposits are suspect. In that case, identifying forged coins would require turning
over all of the Bank's deposit records to the trusted entity to have the withdrawal numbers
decrypted. Allowing transfers magnifies the problems of detecting counterfeit coins, money laundering, and
tax evasion. Coins can be made divisible without losing any security or anonymity features, but at the
expense of additional memory requirements and transaction time. In conclusion, the potential risks in
electronic commerce are magnified when anonymity is present. Anonymity creates the potential for large
sums of counterfeit money to go undetected by preventing identification of forged coins. It is necessary to
weigh the need for anonymity with these concerns. It may well be concluded that these problems are best
avoided by using a secure electronic payment system that provides privacy, but not anonymity