Results 1  10
of
12
Recruiting New Tor Relays with BRAIDS
"... Tor, a distributed Internet anonymizing system, relies on volunteers who run dedicated relays. Other than altruism, these volunteers have no incentive to run relays, causing a large disparity between the number of users and available relays. We introduce BRAIDS, a set of practical mechanisms that en ..."
Abstract

Cited by 16 (6 self)
 Add to MetaCart
Tor, a distributed Internet anonymizing system, relies on volunteers who run dedicated relays. Other than altruism, these volunteers have no incentive to run relays, causing a large disparity between the number of users and available relays. We introduce BRAIDS, a set of practical mechanisms that encourages users to run Tor relays, allowing them to earn credits redeemable for improved performance of both interactive and noninteractive Tor traffic. These performance incentives will allow Tor to support increasing resource demands with almost no loss in anonymity: BRAIDS is robust to wellknown attacks. Using a simulation of 20,300 Tor nodes, we show that BRAIDS allows relays to achieve 75 % lower latency than nonrelays for interactive traffic, and 90 % higher bandwidth utilization for noninteractive traffic.
Privacy vs. Authenticity
, 1997
"... : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : viii I Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 A. The Need for Balanced EMoney Systems : : : : : : : : : : : : : : : : : : : : 1 1. Outline : : : : : : : : : : : : : : ..."
Abstract

Cited by 14 (4 self)
 Add to MetaCart
: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : viii I Introduction : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 1 A. The Need for Balanced EMoney Systems : : : : : : : : : : : : : : : : : : : : 1 1. Outline : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 2 2. What we achieve : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 3 3. Avoiding abuse : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 4 4. Method : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 5 5. Tools for Privacy and Authenticity : : : : : : : : : : : : : : : : : : : : : 6 6. Tools for Robustness : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 7 B. Related Work : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : 7 II A Versatile and Efficient EMoney Scheme : : : : : : : : : : : : : : : : : : : : : 11 A. System Model : : : : : : : : : : : : : : : : : : : ...
Improved Magic Ink Signatures Using Hints
 In Financial Cryptography
, 1999
"... . We introduce two improvements to the recently proposed so called magic ink DSS signatures. A first improvement is that we reduce the overhead for tracing without noticeably increasing any other cost. The tracing cost is linear in the number of generated signatures in the original proposal; our imp ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
. We introduce two improvements to the recently proposed so called magic ink DSS signatures. A first improvement is that we reduce the overhead for tracing without noticeably increasing any other cost. The tracing cost is linear in the number of generated signatures in the original proposal; our improved version reduces this to a logarithmic cost in the common case. A second improvement is that we introduce a method for determining whether forged currency is in circulation, without affecting the privacy of honest users. Our improvements rely on our introducing a so called hint value. This is an encryption of the signature transcript received, submitted by the signature receiver. Part of the processing of this hint value is done using a new technique in which the high costs of secret sharing and robust computation on shared data are avoided by manipulation of encrypted data rather than plaintext. (Whereas the idea of computing on encrypted data is not a new notion in itsel...
More Compact ECash with Efficient Coin Tracing
, 2005
"... In 1982, Chaum [21] pioneered the anonymous ecash which finds many applications in ecommerce. In 1993, Brands [810] and Ferguson [30, 31] published on singleterm offline anonymous ecash which were the first practical ecash. Their constructions used blind signatures and were inefficient to impl ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
In 1982, Chaum [21] pioneered the anonymous ecash which finds many applications in ecommerce. In 1993, Brands [810] and Ferguson [30, 31] published on singleterm offline anonymous ecash which were the first practical ecash. Their constructions used blind signatures and were inefficient to implement multispendable ecash. In 1995, Camenisch, Hohenberger, and Lysyanskaya [12] gave the first compact 2 spendable ecash, using zeroknowledgeproof techniques. They left an open problem of the simultaneous attainment of O(1)unit wallet size and efficient coin tracing. The latter property is needed to revoke bad coins from overspenders. In this paper, we solve [12]'s open problem, and thus enable the first practical compact ecash. We use a new technique whose security reduces to a new intractability assumption: the Decisional HarmonicallyTipped DiffieHellman (DHTDH) Assumption.
Combating doublespending using cooperative p2p systems
 in ICDCS
, 2007
"... An electronic cash system allows users to withdraw coins, represented as bit strings, from a bank or broker, and spend those coins anonymously at participating merchants, so that the broker cannot link spent coins to the user who withdraws them. A variety of schemes with various security properties ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
An electronic cash system allows users to withdraw coins, represented as bit strings, from a bank or broker, and spend those coins anonymously at participating merchants, so that the broker cannot link spent coins to the user who withdraws them. A variety of schemes with various security properties have been proposed for this purpose, but because strings of bits are inherently copyable, they must all deal with the problem of doublespending. In this paper, we present an electronic cash scheme that introduces a new peertopeer system architecture to prevent doublespending without requiring an online trusted party or tamperresistant software or hardware. The scheme is easy to implement, computationally efficient, and provably secure. To demonstrate this, we report on a proofofconcept implementation for Internet vendors along with a detailed complexity analysis and selected security proofs. 1.
Linkability in Practical Electronic Cash Design
, 2000
"... Designing a practical and complete electronic cash scheme has proved dicult. Designs must seek to optimise often conicting metrics such as eciency, anonymity, the ability to make exact payments. ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
Designing a practical and complete electronic cash scheme has proved dicult. Designs must seek to optimise often conicting metrics such as eciency, anonymity, the ability to make exact payments.
Exact analysis of exact change: the kpayment problem
 SIAM Journal on Discrete Mathematics
"... Abstract. We introduce the kpayment problem: given a total budget of N units, the problem is to represent this budget as a set of coins, so that any k exact payments of total value at most N can be made using k disjoint subsets of the coins. The goal is to minimize the number of coins for any given ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. We introduce the kpayment problem: given a total budget of N units, the problem is to represent this budget as a set of coins, so that any k exact payments of total value at most N can be made using k disjoint subsets of the coins. The goal is to minimize the number of coins for any given N and k, while allowing the actual payments to be made online, namely without the need to know all payment requests in advance. The problem is motivated by the electronic cash model, where each coin is a long bit sequence, and typical electronic wallets have only limited storage capacity. The kpayment problem has additional applications in other resourcesharing scenarios. Our results include a complete characterization of the kpayment problem as follows. First, we prove a necessary and sufficient condition for a given set of coins to solve the problem. Using this characterization, we prove that the number of coins in any solution to the kpayment problem is at least kH N/k, where Hn denotes the nth element in the harmonic series. This condition can also be used to efficiently determine k (the maximal number of exact payments) which a given set of coins allows in the worst case. Secondly, we give an algorithm which produces, for any N and k, a solution with minimal number of coins. In the case that all denominations are available, the algorithm finds a coin allocation with at most (k+1)H N/(k+1) coins. (Both upper and lower bounds are the best possible.) Finally, we show how to generalize the algorithm to the case where some of the denominations are not available.
Exact Analysis of Exact Change
, 1997
"... We consider the kpayment problem: given a total budget of N units, the problem is to represent this budget as a set of coins, so that any k exact payments of total value at most N can be made using k disjoint subsets of the coins. The goal is to minimize the number of coins for any given N and k, w ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We consider the kpayment problem: given a total budget of N units, the problem is to represent this budget as a set of coins, so that any k exact payments of total value at most N can be made using k disjoint subsets of the coins. The goal is to minimize the number of coins for any given N and k, while allowing the actual payments to be made online, namely without the need to know all payment requests in advance. The problem is motivated by the electronic cash model, where each coin is a long bit sequence, and typical electronic wallets have only limited storage capacity. The kpayment problem has additional applications in other resourcesharing scenarios. Our results include a complete characterization of the kpayment problem as follows. First, we prove a necessary and sufficient condition for a given set of coins to solve the problem. Using this characterization, we prove that the number of coins in any solution to the kpayment problem is at least kH N=k , where H n denotes the ...
Divisible ECash in the Standard Model
"... Abstract. Offline ecash systems are the digital analogue of regular cash. One of the main desirable properties is anonymity: spending a coin should not reveal the identity of the spender and, at the same time, users should not be able to doublespend coins without being detected. Compact ecash sy ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. Offline ecash systems are the digital analogue of regular cash. One of the main desirable properties is anonymity: spending a coin should not reveal the identity of the spender and, at the same time, users should not be able to doublespend coins without being detected. Compact ecash systems make it possible to store a wallet of O(2 L) coins using O(L + λ) bits, where λ is the security parameter. They are called divisible whenever the user has the flexibility of spending an amount of 2 ℓ, for some ℓ ≤ L, more efficiently than by repeatedly spending individual coins. This paper presents the first construction of divisible ecash in the standard model (i.e., without the random oracle heuristic). The scheme allows a user to obtain a wallet of 2 L coins by running a withdrawal protocol with the bank. Our construction is built on the traditional binary tree approach, where the wallet is organized in such a way that the monetary value of a coin depends on how deep the coin is in the tree.
Electronic Payment Systems
, 2000
"... This paper will focus on one of them, a protocol meant for credit card payments over the web, Secure Electronic Transaction (SET), but will begin by generally categorizing electronic payment systems and consider their security requirements. ..."
Abstract
 Add to MetaCart
This paper will focus on one of them, a protocol meant for credit card payments over the web, Secure Electronic Transaction (SET), but will begin by generally categorizing electronic payment systems and consider their security requirements.