Electronic money
Although “ electronic money ” is not a new term, it just so happened that they have not yet found a wide practical application. Research in this direction has been going on since 1989, but still it has not been possible to develop an ideal system that meets all the requirements imposed on it. And now, relatively recently, in an open publication appeared articles (and here ), describing the idea of building new - “ compact electronic money ”. It seemed very interesting to us, and we would like to tell a little about it. In order not to burden the presentation with a variety of technical details, let us try to briefly describe the device, system features and indicate the risks.
Immediately, we note that electronic money is not a payment order - it is an impersonal means of payment , as well as paper money. They do not indicate the personal data of the owner or his account number, that is, nothing but the face value. They have their own value.
In any electronic money, the atomic unit of payment is an electronic coin . She, like the paper bill, contains a serial number and EDS of the bank, certifying its authenticity. Also, the coin may contain some additional information, depending on the system. For example, a different denomination, if the system uses coins of various denominations. "Electronic weight" of the coin 200 bytes.
')
One of the features of this system is “compactness”. Electronic coins are combined into small "wallets", for example, 100 coins each. The wallet contains initialization values for its hundreds of coins. And while it weighs about 250 bytes. This allows not only to store coins more efficiently, but also to make payments: you can pay with a whole (“unopened”) wallet instead of paying out 100 coins in succession. The target device for storing electronic money of this system can be considered not only a PDA or a communicator, but also smart cards.
The user has a personal bank account.
The seller , knowing only the public key of the bank, can independently verify the authenticity of electronic coins. Thus, the payment can be made without connecting to the bank. In each step of the payment protocol:
It is extremely important that in these protocols the user does not forward his public key, i.e. the seller does not know anything about the identity of the buyer. Also, the accepted coins are “attached” to the seller’s private key, and only he can deposit them into his account:
It is clear that a bank account can always be blocked, thus preventing the possibility of withdrawal from the account. But a more serious risk is anonymous copying and payment, while being offline. Even worse, if an unknown person somehow takes possession of someone else's smart card with a PIN code. Such is the current stage in the development of electronic money payback for efficiency. Expected solutions:
For experiments " live ", we implemented a test prototype of such a payment system with the parameters of " combat " cryptography to look at it in work. Payment of 4999 coins from a PDA via Bluetooth takes about 10 seconds .
The system is not perfect, but already offers new functionality. Do you think anonymous electronic money is needed? Will we expect this in perspective? Or for everyday calculations safer customary paper money? We would be grateful to hear your opinion.
PS If “multi-book” is excusable, and it will be interesting, then we will gladly highlight interesting moments in details ...
What is it?
Immediately, we note that electronic money is not a payment order - it is an impersonal means of payment , as well as paper money. They do not indicate the personal data of the owner or his account number, that is, nothing but the face value. They have their own value.
In any electronic money, the atomic unit of payment is an electronic coin . She, like the paper bill, contains a serial number and EDS of the bank, certifying its authenticity. Also, the coin may contain some additional information, depending on the system. For example, a different denomination, if the system uses coins of various denominations. "Electronic weight" of the coin 200 bytes.
')
One of the features of this system is “compactness”. Electronic coins are combined into small "wallets", for example, 100 coins each. The wallet contains initialization values for its hundreds of coins. And while it weighs about 250 bytes. This allows not only to store coins more efficiently, but also to make payments: you can pay with a whole (“unopened”) wallet instead of paying out 100 coins in succession. The target device for storing electronic money of this system can be considered not only a PDA or a communicator, but also smart cards.
How it works.
The user has a personal bank account.
- Having connected to the bank via the Internet or a terminal, the user is authenticated to access the account and requests the necessary amount.
- The user himself generates the necessary e-wallets containing initialization values for future serial numbers (per 100 coins), encrypts the wallets using a blind signature algorithm and sends them to the bank.
- The bank makes sure that the wallet is made correctly (legitimately).
- The bank cannot find out the initial value of the purse for serial numbers, but can introduce a randomness into it so that the user does not “pick up” the serial numbers for himself. After that, the bank signs the accepted wallet, certifying its authenticity, and sends it back to the user.
The seller , knowing only the public key of the bank, can independently verify the authenticity of electronic coins. Thus, the payment can be made without connecting to the bank. In each step of the payment protocol:
- The seller sends each time a different “ question ” (random number) to the buyer.
- The buyer, using this “ question ”, the seller’s public key, his private key, the bank's signature and the generated serial number, forms a coin from the wallet and sends it to the seller. Only now the coin is assigned its serial number and becomes open, which ensures the anonymity of the user.
- The seller makes sure that the coin was formed correctly and, if successful, accepts it.
It is extremely important that in these protocols the user does not forward his public key, i.e. the seller does not know anything about the identity of the buyer. Also, the accepted coins are “attached” to the seller’s private key, and only he can deposit them into his account:
- The seller sends the accepted electronic coins to the bank along with the corresponding " questions " (random numbers of payment protocols).
- The bank, having verified that the seller has not used this random number before, checks the coins in an identical way as the seller did.
- Next, the bank scans the database for the presence of coins with the same serial number. If a coin was discovered, then ... due to the fact that the coins were formed in response to different "questions" - they have a different idea. It is guaranteed that if illegal copying took place, the fact of the repayment of the already used coin will allow the bank to identify the owner of this coin. Although, if a coin enters the bank in a single copy, the bank will know absolutely nothing about who spent it, as well as the seller. Thus, complete anonymity is provided for law-abiding users and the identification of fraudsters (perpetrators of copying) is inevitable.
Features of the system.
- The compactness of storing coins allows you to have enough cash with you for everyday expenses. Even on smart cards.
- At the same time, the ability to pay online / offline is achieved, while cryptographic methods ensure the complete anonymity of system users.
- Even with the implementation of interaction through open communication channels, the cash intercepted from the user or seller cannot be spent or deposited into your account without knowing the secret key.
- In the implementation on the PDA, the user controls the amount of money paid, as opposed to a credit card.
- Storage of cash in digital form allows you to make backup copies of electronic money in case of loss of the carrier.
- Public-key cryptography requires significantly more computational resources and time-consuming costs for hacking / counterfeiting compared with falsification of paper cash.
Risks.
It is clear that a bank account can always be blocked, thus preventing the possibility of withdrawal from the account. But a more serious risk is anonymous copying and payment, while being offline. Even worse, if an unknown person somehow takes possession of someone else's smart card with a PIN code. Such is the current stage in the development of electronic money payback for efficiency. Expected solutions:
- Since the coin databases should not grow indefinitely, the need to add a time parameter to the wallet is obvious. Coins withdrawn from the account more than a year ago require updating or depositing back to the account, and coins withdrawn for more than a month (of a different period selected by the user) are not accepted for offline payment. In the online payment, the bank can, regardless of the past month, determine whether a copy was made from the coin or not and accept it. And the attacker will be strictly limited time period to take advantage of the situation.
- Risks for offline mode are quite difficult to calculate at the moment. Therefore, it is planned to make payments in this mode in a limited segment of payments: public transport, newsstands, small cafes, etc.
For experiments " live ", we implemented a test prototype of such a payment system with the parameters of " combat " cryptography to look at it in work. Payment of 4999 coins from a PDA via Bluetooth takes about 10 seconds .
Conclusion
The system is not perfect, but already offers new functionality. Do you think anonymous electronic money is needed? Will we expect this in perspective? Or for everyday calculations safer customary paper money? We would be grateful to hear your opinion.
PS If “multi-book” is excusable, and it will be interesting, then we will gladly highlight interesting moments in details ...
Source: https://habr.com/ru/post/56720/
All Articles