

Solutions to Security Problems of Rivest and Shamir's PayWord
Authors: Norio Adachi, Satoshi Aoki, Yuichi Komano, Kazuo Ohta
Source: IEICE Transactions on Fundamentals, Vol. E88-A, No. 1, January 2005
Speaker: Yi-Fang Cheng
Date: 2005/11/17


Introduction (1/2)
Micropayment system (PayWord)

Why do we need micropayment?
  Non-free website
  Pay-per-view movie

Characteristics
  Low communication
  Low computation (especially for the customer)


Introduction (2/2)
Diagram of PayWord
  Bank → Consumer: credit
  Consumer → Shop: payment
  Shop → Bank: redeem


Rivest and Shamir's PayWord (1/4)
Notations
  IDB / IDU / IDS: identity of Bank / Consumer / Shop
  PKB, SKB: public and private key pair of Bank
  PKU, SKU: public and private key pair of Consumer
  { M }SKB: digital signature on M produced by Bank using key SKB
  { M }SKU: digital signature on M produced by Consumer using key SKU
  h: a collision-resistant hash function


Rivest and Shamir's PayWord (2/4)
Credit
  Bank → Consumer: CU = {IDB, IDU, AddrU, PKU, E, IU}SKB

  AddrU: Consumer's delivery address
  E: expiration date of CU
  IU: other information (such as credit limit, information on how to contact Bank)


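Rivest and Shamir's PayWord (3/4)
Payment
  Consumer: wn → wn-1 → … → w1 → w0 (each arrow is one application of h)
  Consumer: M = {IDS, CU, w0, n, D}SKU
  Consumer → Shop: M
  Shop: verify M
  Consumer → Shop: request1, (w1, 1)
  Shop: check h(w1) = w0 ?
  Shop → Consumer: goods
  Consumer → Shop: requesti, (wi, i)
  Shop: check h(wi) = wi-1 ?
  Shop → Consumer: goods
  …

  wn: random number
  n: suitable number of coins to pay
  D: current date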



Rivest and Shamir's PayWord (4/4)
Redeem
  Shop → Bank: M, (wj, j)
  Bank: verify M and wj, update account
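
The hash-chain checks from the payment and redeem slides, as an added example that is not part of the original slides. SHA-256 as h and the names make_chain, Shop and bank_redeem are assumptions; verification of the signature on M is left out. The shop check generalizes the slide's h(wi) = wi-1 to skipped indices by hashing i minus the last accepted index times.

```python
import hashlib
import os
from typing import List, Optional

def h(x: bytes) -> bytes:
    """Hash h; SHA-256 is an assumption, the slides only require collision resistance."""
    return hashlib.sha256(x).digest()

def make_chain(n: int, wn: Optional[bytes] = None) -> List[bytes]:
    """Consumer: choose random wn, derive w(n-1)..w0. Returns [w0, w1, ..., wn]."""
    w = [wn or os.urandom(32)]
    for _ in range(n):
        w.append(h(w[-1]))
    w.reverse()
    return w

class Shop:
    """State kept per commitment M: last accepted payword and its index."""
    def __init__(self, w0: bytes, n: int):
        self.last, self.index, self.n = w0, 0, n

    def accept(self, wi: bytes, i: int) -> bool:
        # Reject replays (i <= index) and indices beyond the committed n.
        if not (self.index < i <= self.n):
            return False
        x = wi
        for _ in range(i - self.index):
            x = h(x)
        if x != self.last:          # wi does not hash back to the last payword
            return False
        self.last, self.index = wi, i
        return True

def bank_redeem(w0: bytes, n: int, wj: bytes, j: int) -> int:
    """Bank: check that h applied j times to wj gives w0; return coins to credit."""
    if not (0 < j <= n):
        return 0
    x = wj
    for _ in range(j):
        x = h(x)
    return j if x == w0 else 0

if __name__ == "__main__":
    chain = make_chain(5)           # constructed sample: n = 5 coins
    shop = Shop(chain[0], 5)
    print(shop.accept(chain[1], 1), shop.accept(chain[1], 1))
    print(bank_redeem(chain[0], 5, chain[1], 1))
```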


Problems of PayWord
Consumer certificate abuse attack
  [Diagram: Consumer sends M1, M2, …, Mv to Shop 1, Shop 2, …, Shop v; Bank]

Bank impersonates a nonexistent consumer


Proposed protocol (1/2)
Payment
  Consumer: wn → wn-1 → … → w1 → w0 (each arrow is one application of h)
  Consumer: M = {IDS, CU, w0, n, E}SKU
  Consumer → Shop: M
  Shop → Bank: IDU, M, r
  Bank: verify M, pool money
  Bank → Shop: CU' = {IDU, M, YES, r, I}SKB
  Consumer → Shop: request i, (wi, i)

  E: expiration date of M
  r: random number
  I: additional information

Proposed protocol (2/2)
Redeem
  Shop → Bank: M, (wk, k)
  Bank: verify M and wk
  Shop: retrieve pooled money


Conclusion
The authors proposed a modification to PayWord to overcome 2 security problems.
