Executable Financial Instruments and MicroMint on the Cheap

About This Presentation
Title:

Executable Financial Instruments and MicroMint on the Cheap

Description:

Title: Client Puzzles Author: Ari Juels Last modified by: Ari Juels Created Date: 2/1/1999 4:07:40 PM Document presentation format: On-screen Show (4:3) – PowerPoint PPT presentation

Number of Views:26
Avg rating:3.0/5.0

less

Transcript and Presenter's Notes

Title: Executable Financial Instruments and MicroMint on the Cheap


1
Executable Financial Instrumentsand MicroMint
on the Cheap
with Markus Jakobsson Bell Laboratories
Ari Juels RSA Laboratories
2
The Web provides an excellent means of
communication with all kinds of people...
Hi. My name is Darlene.
Im a model. Want to meet
sometime?
3
The Web provides an excellent means of
communication with all kinds of people...
Darlene
you know nothing about.
4
The Web provides an excellent means of
communication and commerce...
For sale
Hi. Id like to buy your
car. Ill pay 106,000.
OK?
5
The Web provides an excellent means of
communication and commerce...
with people you know nothing about.
6
Aim Flexible commerce with minimal trust
You
7
Two Ideas Today
  • MicroMint Outsourcing
  • X-cash Executable financial instruments

8
MicroMint
  • Want a scheme that mimics economics of physical
    mint
  • Verifying validity of a coin is easy
  • Base minting cost is high so...
  • Forgery is expensive

9
The minting process
  • . Throw balls (jellybeans) into bins using
    random function h
  • . Any bin with two balls (jellybeans) is a coin

10
Minting in MicroMint
h
Collision Coin
Bin 1
Bin 2
Bin 3
Bin 4
Bin 5
Bin 6
Bin 9
Bin 7
Bin 8
11
Checking a coin
h
Valid coin?
Bin 2
12
Features
  • Many bins, so need to throw many balls
    (jellybeans) to mint successfully
  • Minting requires very intensive computation

13
Minting requires special, e.g., 250,000 computer
Deep Crack
14
Another characteristic Most balls are
invalid
h
Bin 1
Bin 2
Bin 3
Bin 4
Bin 5
Bin 6
Bin 9
Bin 7
Bin 8
In fact, gt99 of work goes to missed balls!
15
Idea Make three stage process
  • . Create valid balls, i.e., balls that
    wont miss (gt99 of work)
  • . Throw balls into bins using random function h
    (lt1 of work)
  • . Any bin with two balls is a coin

16
Have many other (untrusted) people do Step 1
17
Now...
  • 99 of work is done for minter
  • No participant will get enough balls to do
    minting himself/herself (or else
    participants know validity h but not throwing
    h)
  • Minting is cheap for minter!

18
Minter can use ordinary server
19
Application III Secure multiparty computation
20
Questions?
?
21
X-cash Executable Digital Cash
  • Ari Juels
  • RSA Laboratories
  • joint work with
  • Markus Jakobsson, Bell Labs
  • 23rd February 1998

22
The Internet Many entities wishing to trade with
one another

Internet
23
Peer-to-peer trading can be problematic
  • Peer-to-peer interaction can create
    communications bottlenecks
  • Anonymity (both ways) is hard to protect in a
    peer-to-peer setting
  • Would like computational load involved with
    trading to be handled by servers, not clients

24
Therefore, we would like trade to occur in a
distributed fashion.

25
A vehicle for distributed trade Mobile agents
Program Documentation
To Internet
26
A problem Pick-pocketing
27
Other problems
  • Maliciously modified code
  • Intercepted purchases
  • A different scenario than digital cash multiple
    spending may be permissible

28
A solution X-cash
  • Idea Make redemption of cash conditional on
    delivery of desired goods

29
First tool A program that knows what it wants
  • Mobile Agent includes a code segment P
  • P takes as input potential purchase items
  • P outputs amount user is willing to pay

E.g., airline tickets
P
Paris
300
30
Second toolNegotiable certificate
Bank holds (SKB, PKB) Alice holds (SKA, PKA)
Alice
SIGSK (PKA, 500)

B
PKA
Alice
(300, For Bob),
sSK
A
Alice
SIGSK
SIGSK
(300,For Bob),
A
A
31
Idea Bind negotiable certificate to agent
program P

X-cash
. . .Then send off via mobile agent
32
When Bob receives the mobile agent
Bob
33
Bob can assess and authenticate Alices offer for
his tickets

300
34
The bank can verify and process the transaction

PKA
, SIGPK (P)
300
A
  • Bank gives 300 to Bob, deducting against the
    negotiable certificate
  • Bank receives and holds tickets for Alice, or
    sends them to her

35
An Example

36
Alice needs ticket to important conference in
Caribbean
  • She will pay 300 for business class to St.
    Martin
  • She will pay 600 for first class fare to St.
    Martin
  • She will pay 400 for business class to Anguilla
  • She will pay 700 for first class to Anguilla

37
Alice creates a program P
  • Input to P An airline ticket
  • Airline ticket may include certificates and
    signatures, e.g., airline certificate, travel
    agent certificate, etc.
  • P includes root certificates
  • Output of P Amount Alice will pay
  • Conditional on correct dates, transferability of
    ticket, etc.

38
Alice gets a negotiable certificate
  • Alice generates key pair (PKA, SKA).
  • Alice withdraws a negotiable certificate
    . SIGSK (PKA, 700).

PKA
B
39
Alice creates X-cash and sends mobile agent
PKA
,SIGPK (P)
A
40
Bobs Travel has a business class ticket T to
Anguilla for sale

41
Bob does the following
  • Checks certificates and signatures in Alices
    mobile agent
  • Generates signatures tA transferring ownership of
    ticket T to Alice
  • Runs P(T,tA) on a ticket T and signatures tA
    transferring ownership to Alice
  • Sees output 400
  • Sends and T, tA to bank

42
The Bank does the following
  • Verifies certificates and signatures in Alices
    agent
  • Sees that P(T,tA)400
  • Then
  • Deducts 400 against Alices negotiable
    certificate
  • Gives 400 to Bob
  • Holds T,tA for Alice and notifies her

43
X-cash extensions

44
Double spending
  • How does Alice know that Bob didnt sell the
    ticket twice?
  • An issue with any digital cash system. Solutions
  • On-line verification
  • Penalization after fact
  • Tamper resistance (for Bob)

45
Anonymity
  • X-cash can be rendered anonymous using the
    following ideas
  • Blind withdrawal of certificates with conditional
    revocation of anonymity
  • Anonymous re-mailers for delivery of goods (e.g.,
    airline tickets)

46
Stateful offers
  • In the examples above, Alices program P had no
    external state. This need not be the case.

47
Example of stateful offer
  • Alice wants to sell 100 ounces of gold at the
    market price
  • Alices program P contacts a Web site to get the
    current price of gold
  • Bob includes in his response C a value GB -- the
    maximum price he is willing to pay
  • When the Bank runs P(C), Bank checks that
    transaction cost is at most GB, as per Bobs
    response.

48
Multiple banks
  • We assume above a single, universally trustworthy
    bank.
  • X-cash can be adapted for infrastructures with
    multiple, mutually suspicious banks.

49
Conclusion
  • X-cash is a simple means of achieving trusted
    commerce in a distributed setting like the
    Internet.

To Internet
Write a Comment
User Comments (0)
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Executable Financial Instruments and MicroMint on the Cheap" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!