Peppercoin Micropayments

Similar documents
PayWord and MicroMint: Two Simple MicroPayment Schemes

Electronic payment systems

Electronic Payments. EITN40 - Advanced Web Security

Cryptography: Authentication, Blind Signatures, and Digital Cash

Comparing and contrasting micro-payment models for E-commerce systems

4 Electronic Payment Systems

Electronic Payment Systems

Internet Usage (as of November 1, 2011)

An Internet Based Anonymous Electronic Cash System

Lecture 2: Complexity Theory Review and Interactive Proofs

Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones

Interoperable Mobile Payment A Requirements-Based Architecture

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Third Edition. Copyright 2007 Pearson Education, Inc.

7 Electronic Payment Systems

Electronic Payments Part 1

MA 1125 Lecture 14 - Expected Values. Friday, February 28, Objectives: Introduce expected values.

Electronic Payment Systems


Notice of Change in Terms for your Deposit Accounts. Redding Bank of Commerce Deposit Accounts Account Terms and Conditions

CASH ISA SAVINGS CONDITIONS. For use from 2nd September 2016.

The Definition of Electronic Payment

Application of Electronic Currency on the Online Payment System like PayPal

An Analysis of the Bitcoin Electronic Cash System

Probabilistic Strategies: Solutions

Computer Security: Principles and Practice

Payment Systems for E-Commerce. Shengyu Jin 4/27/2005

Store Use Only: Identification requires a valid driver s license and/or government issued photo ID

RSA Attacks. By Abdulaziz Alrasheed and Fatima

Payments and Revenues. Do retail payments really matter to banks?

Electronic Cash Payment Protocols and Systems

Payment systems. Tuomas Aura T Information security technology

Security in Electronic Payment Systems

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2015

Credit card: permits consumers to purchase items while deferring payment

Crittografia e sicurezza delle reti. Digital signatures- DSA

Easy Casino Profits. Congratulations!!

Decision Making under Uncertainty

Payment systems. Tuomas Aura T Information security technology. Aalto University, autumn 2012

Question: What is the probability that a five-card poker hand contains a flush, that is, five cards of the same suit?

Improved Online/Offline Signature Schemes

What is an annuity? The basics Part 1 of 8

Public Key Cryptography: RSA and Lots of Number Theory

BANKING CHARGES. April 2016

Comparing and Contrasting Micro-payment Models for Content Sharing in P2P Networks

Authentication Types. Password-based Authentication. Off-Line Password Guessing

APS Gateway New Merchant Set-up

Public Key Cryptography and RSA. Review: Number Theory Basics

Merchant Account Glossary of Terms

Probability. Section 9. Probability. Probability of A = Number of outcomes for which A happens Total number of outcomes (sample space)

Electronic Payment Systems on Open Computer Networks: A Survey

DEVELOPMENT OF CERTIFICATE LESS DIGITAL SIGNATURE SCHEME & ITS APPLICATION IN E-CASH SYSTEM

VOCABULARY INVESTING Student Worksheet

Distributed Public Key Infrastructure via the Blockchain. Sean Pearl April 28, 2015

Security Arguments for Digital Signatures and Blind Signatures

Chapter 16: law of averages

Cashier s Cash Handling Procedures. Revised 7/1/2013

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

How To Pay With Cash Or Credit Card (For Women)

2004 Solutions Ga lois Contest (Grade 10)

THE WINNING ROULETTE SYSTEM.

Network Security Protocols

Integration Guide Last Revision: July 2004

An Electronic Voting System Based On Blind Signature Protocol

ECON 102 Spring 2014 Homework 3 Due March 26, 2014

Local 804 Pension Plan

Price Discrimination and Two Part Tariff

The Mathematics of the RSA Public-Key Cryptosystem

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

WHAT YOU SHOULD KNOW ABOUT MERGING YOUR PRACTICE

Your home loan what the banks don't tell you

1 SRS Advanced Customer Loyalty

Sample Questions for Mastery #5

Promoting society and local authority lotteries

RSA Encryption. Tom Davis October 10, 2003

Payment Systems. Birgit Pfitzmann

ELECTRONIC COMMERCE WORKED EXAMPLES

Efficient construction of vote-tags to allow open objection to the tally in electronic elections

Mobile Electronic Payments

UNION BANK UK PLC CURRENT ACCOUNTS KEY FEATURES

An Education in Merchant Processing

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Strong Encryption for Public Key Management through SSL

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Transcription:

Peppercoin Micropayments Ronald L. Rivest MIT CSAIL (joint work with Prof. Silvio Micali)

Outline Micropayment examples Challenges Aggregation methods The Peppercoin method (In England a peppercorn is smallest amount that can be paid in a contract)

What is a micropayment? A payment in the range 0.1 to $10. A payment small enough that processing it is relatively costly. (Processing one credit-card payment costs about 25 ) Processing cost is the key issue for micropayment methods.

Lydians invented coins 640 B.C. Before 640 B.C.: gold bars, barter small purchases difficult. After 640 B.C.: coins small purchases easy. Before 2003: credit cards small on-line purchases difficult. After 2003:

Generic Payment Framework Consumer PSP Authorization Billing Settlement Merchant PSP Deposit(s) Consumer Alice Payment(s) Merchant Bob

How we ll make small payments Web download Music (even streaming) Mobile phone Map Ringtones Physical POS Vending machine

Challenges: Ease-of-use Low-Cost Extending existing payment framework Security (many other issues, too)

Aggregation To reduce cost, micropayments must be aggregated into fewer macropayments. Possible levels of aggregation: None: Every payment deposited with PSP Merchant-level: A consumer s payments are aggregated by merchant MicroPSP: Monopoly service that disintermediates existing payment services; doesn t scale well Universal: Payments aggregated across all users and merchants, even those supported by different cooperating PSPs

No Aggregation Bill Alice Inefficient!

Previous Work: Digital Cash Example: Chaum s digital coins Emphasis on anonymity: Withdrawals use blind signatures Problem of double-spending handled by having doubler-spenders revealed (e.g. Brand s protocol) No aggregation: every coin spent is returned to the PSP.

Merchant-Level Aggregation Bill Alice Only works sometimes!

Previous Work: PayWord Rivest and Shamir 96 Emphasis on reducing public-key operations by using per user/merchant hash-chains instead: x 0 x 1 x 2 x 3 x n User signs x 0 over to merchant and releases next x i for next payment Merchant-level aggregation only.

MicroPSP Aggregation Bill MicroPSP Alice Doesn t scale up!

Universal Aggregation Universal aggregation dramatically reduces processing cost, independent of spending patterns. Also called many/many/many aggregation: Aggregates payments from Many consumers Many merchants Many PSP s in any combination. No need to aggregate sales per consumer.

Universal Aggregation Idea Would merchant prefer: (a) twenty 50 cent payments, or (b) $0 for 19 payments, and $10 for one? No difference to merchant, on average

Universal Aggregation Idea Would merchant prefer: (a) twenty 50 cent payments, or (b) $0 for 19 payments, and $10 for one? No difference to merchant, on average. What if processing costs 20 cents per payment? (a) nets only 30 cents per payment (b) nets 49 cents net per payment! Merchant strongly prefers (b)!

Peppercoin s Universal Aggregation One micropayment in 20 is cryptographically selected by merchant, and deposited for 20x its value, as a macropayment! Yet consumer pays only for what she has spent: each micropayment records cumulative amount she has spent at all merchants.

Peppercoin s Universal Aggregation 50 cents Alice ($8.50 cumulative) 19 / 20 Log

Peppercoin s Universal Aggregation 50 cents Charles ($12.79 cumulative) 19 / 20 Log

Peppercoin s Universal Aggregation $10 Bill $11 (exactly cover cumulative amount she spent at all merchants) $10 1 / 20 50 cents Alice ($11.00 cumulative) Efficient always and scalable:!! 20 transactions for the cost of 1!!

Peppercoin Extends Existing Payment Systems to Micropayments Existing Payment System Macro payments Consumer Alice Merchant Bob Micro payments

Dimensions to consider: Aggregation (universal) PSP on-line or off-line? (off-line) Interactive vs. non-interactive (non) (e.g. anti-spam payment in email) Computation Cost (cheap) User-fairness (fair) (many other issues, too)

Previous Work: Lottery Tickets Electronic Lottery Tickets as Micropayments Rivest FC 97 (similar to Transactions using Bets proposal by Wheeler 96) Payments are probabilistic First schemes to provide universal aggregation: payments aggregated across all user/merchant pairs.

Lottery Tickets Explained Assume micropayments are for ten cents. Merchant gives user y = hash(x) for random x. User writes check: Pay Merchant $10 if two low-order digits of hash -1 (y) are 75. (Signed by user, with cert from his PSP.) Merchant wins $10 with probability 1/100. Expected value of payment is 10 cents. Bank sees only 1 out of every 100 payments. (A plus for user privacy!)

Non-interactive Revised check: Pay Merchant $10 if two low-order digits of the hash of Merchant s digital signature on this check are 75. Merchant s deterministic signature scheme unpredictable to user. Merchant can convince PSP to pay.

Computation Cost Digital signatures are still relatively expensive --- but much cheaper than they used to be! It now seems reasonable to base micropayments on digital signatures. (E.g. Java card in cell phone) User and merchant are anyways involved with each transaction; digital signatures add only a few milliseconds. On-line/Off-line signature can also help.

Optimization for less Signing Pay Merchant $10 if the two loworder digits of the hash of Merchant s digital signature on the date of this check are 75. Merchant only signs once a day.

Variable-sized payments To make micropayment of size m: Chance of winning becomes m / M where M is the macropayment size. For example, a $1 micropayment converts to a $10 macropayment with probability 1/10. A one-penny micropayment converts to a $10 macropayment with probability 1/1000.

Is revenue variance an issue? Theorem. If Peppercoin reduces merchant fees by R percent of transaction value, then merchant will be ahead (with probability 999,999/1,000,000) after only (5 / R) 2 macropayments have been received. Example: micro = 0.10, macro = $10, otherfee = 0.03, peppercoinfee = 0.01, R = 0.20, (5/R) 2 = 625 or $6250 total value.

Fraud models Security is challenging to achieve given that PSP has only partial information, parties may collude, and payment schedules are decoupled. For example, consumer and merchant may try to collude to defraud PSP s. One effective countermeasure is to make macropayment to merchant only from revenues from that specific consumer (perhaps deferring payment if necessary).

Conclusion Peppercoin micropayments are Easy to use Low-cost even for small payments Flexible (interface with existing payment systems) Secure www.peppercoin.com Thanks!

(The End)

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information