We apply off-line/on-line signatures to provide an alternative solution to the problem of certificate revocation.

. This note considers the application of electronic cash to transactions in which many small amounts must be paid to the same payee and in which it is not possible to just pay the total amount afterwards. The most notable example of such a transaction is payment for phone calls. If currently published electronic cash systems are used and a full payment protocol is executed for each of the small amounts, the overall complexity of the system will be prohibitively large (time, storage and communication). This note describes how such payments can be handled in a wide class of payment systems. The solution is very easy to adapt as it only influences the payment and deposit transactions involving such payments. Furthermore, making and verifying each small payment requires very little computation and communication, and the total complexity of both transactions is comparable to that of a payment of a fixed amount. 1 Introduction The introduction of public key crypto-systems and digital signat...

We consider an environment in which many servers serve an even larger number of clients (e.g. the web), and it is required to meter the interaction between servers and clients. More specifically, it is desired to count the number of clients that were served by a server. A major possible application is to measure the popularity of web pages in order to decide on advertisement fees. The metering process must be very e cient and should not require extensive usage of any new communication channels. The metering should also be secure against fraud attempts by servers which in ate the number of their clients and against clients that attempt to disrupt the metering process. We suggest several secure and efficient constructions of metering systems, based on efficient cryptographic techniques. They are also very accurate and can preserve the privacy of the clients.

Abstract not found

When computationally intensive tasks have to be carried out on trusted, but limited, platforms such as smart cards, it becomes necessary to compensate for the limited resources #memory, CPU speed# by o#- loading implementations of data structures on to an available #but insecure, untrusted# fast co-processor. However, data structures such as stacks, queues, RAMS, and hash tables can be corrupted #and made to behave incorrectly# by a potentially hostile implementation platform or by an adversary knowing or choosing data structure operations. This paper examines approaches that can detect violations of datastructure invariants, while placing limited demands on the resources of the secure computing platform. 1 Introduction Smart cards, set-top boxes, consumer electronics and other forms of trusted hardware #2, 3, 16# have been available #or are being proposed #1## for applications such as electronic commerce. We shall refer to these devices as T . These devices are typically composed of...

Binary Linking Schemes (BLS) for digital time-stamping [3] provide (1) relative temporal authentication to be performed in logarithmic time, and (2) time-certificates of reasonable size, which together with the data published in a widely available medium enable the verifier to establish their relative temporal positions, even if the database held by the Time-Stamping Service (TSS) ceases to exist. We show that the size of a time-certificate ø(X) of a document X in the scheme presented in [3] is bounded by 4 \Delta log 2 N where k is the output size of the hash function and N is the number of time-stamps issued. We then present a new BLS with ø (X) ß 6 log 2 3 \Delta k \Delta log 2 N and prove that the presented scheme is optimal in that sense.