Thesis/Dissertation 93522016 Detailed Record




Author: Yen-Chang Chen (陳彥璋)   Department: Computer Science and Information Engineering
Thesis title: On the Research of Fair Exchange Protocols and Micropayment Schemes
(公平電子交易協定及小額付費系統之研究)
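Related theses
★ Design of Various Digital Proxy Signatures
★ A Study of Electronic Micropayment Systems
★ A Study of Physical Cryptanalytic Attacks
★ A Study of Commercial Key Recovery and Key Escrow Mechanisms
★ A Study of Physical Cryptanalysis of the AES Data Encryption Standard
★ A Study of Electronic Auction Systems
★ A Dynamic Program Segment Protection Mechanism Against Stack Overflow Attacks
★ An Investigation of Parameters for the General Number Field Sieve Factoring Method
★ Implementation of a DPA-Resistant AES Encryptor on the 8051 Microcontroller
★ A Study of Defending Against Power Attacks with Non-Deterministic Software and Mask Splitting Countermeasures
★ A Study of Masking Protection Mechanisms Against Differential Power Analysis
★ A Study of Power Cryptanalysis of the AES Data Encryption Standard
★ Design and Cryptanalysis of Electronic Micropayment Systems
★ A Study of Fair Electronic Cash Systems
★ A Study of Physical Cryptanalysis of the RSA Public-Key Cryptosystem
★ A Study of Protecting Data Collected by Mobile Agents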
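  1. The access permission for this electronic thesis is: open access effective immediately.
  2. Electronic full text that has reached its open-access date is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost, or broadcast the work without authorization, to avoid violating the law.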

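Abstract (Chinese) As the Internet becomes increasingly widespread, it has driven the rapid growth of electronic commerce. Because of the Internet's convenience, more and more business activity is carried out over it. The network environment, however, does not guarantee fairness between the two parties to a transaction: one party may obtain the other's digital signature while the other does not obtain the corresponding digital signature in return. It is therefore important to design a mechanism that maintains fairness between the two parties.
Early research on fair exchange protocols had to assume, in order to achieve fairness, that both parties' devices have the same or similar computing power; this assumption is unreasonable and impractical. Another line of research introduces a trusted third party (Trusted Third Party) to maintain fairness, but a suitable third party may not be available.
The concept of the concurrent signature scheme (Concurrent Signature Scheme) was proposed by Chen et al. in 2004. It attempts to provide the functionality of a fair exchange protocol without relying on a trusted third party or on the assumption that both parties' devices have the same computing power.
In this thesis we propose a concurrent signature scheme built on conditional signatures (Conditional Signature). Our method is more efficient than all previous concurrent signature schemes and, apart from anonymity, has all the properties of Nguyen's scheme. We explain in this thesis that anonymity has very little effect on the applications of concurrent signature schemes.
Another important research topic is the micropayment scheme (Micropayment Scheme), which has a wide variety of applications in electronic commerce, such as access to paid web pages, online magazine subscription, online database queries, paid pop-up advertisements on the Internet, and paid streaming audio and video.
In this thesis we propose a new micropayment scheme with variable coin denominations. In the proposed method, not only does the computation the merchant needs to verify the validity of a piece of electronic money decrease, but the computation the customer needs to generate a piece of electronic money is also greatly reduced. Compared with fixed-denomination micropayment schemes, paying with variable denominations better matches the spending patterns of ordinary customers and also better suits most electronic commerce applications.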
Abstract (English) The popularity of the Internet promotes the growth of electronic commerce. More and more business transactions are carried out over the network because of its convenience. The Internet provides a very convenient environment for business deals, but it does not guarantee fairness between the transactors. Therefore, research on mechanisms that ensure fairness between the transactors in a transaction is important.
Early work on solving the problem of fair exchange relies on the assumption that both transactors have the same or almost the same computing power, but this assumption is impractical. The other category of fair exchange protocols involves a trusted third party to ensure fairness, but an appropriate third party with such functions may not be available.
The concept of the concurrent signature scheme was first introduced by Chen, Kudla, and Paterson. It is a scheme that attempts to provide functions close to fair exchange without relying on a trusted third party or on the assumption that the two transactors have the same computing power.
We propose a new concurrent signature scheme that is more efficient than all previous concurrent signature schemes. The proposed scheme achieves all the properties of Nguyen's scheme except anonymity, and we will show that this property is in fact minor in most applications for achieving the purpose of a concurrent signature.
Another important research topic is the micropayment system. It is considered to have a variety of practical applications such as access to charged World Wide Web pages, on-line magazine subscription, on-line database query, Internet pop-up advertisements, streaming multimedia over the Internet, and so on.
We propose a new micropayment scheme with varying denomination which extensively improves the computational performance of both the customer and the merchant. The varying denomination approach closely matches the usual spending habits of the customer and might be more reasonable for most micropayment applications.
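Keywords (Chinese) ★ Concurrent signature
★ Cryptography
★ Conditional signature
★ Electronic payment
★ One-way hash function
★ One-time password
★ Micropayment
★ Fair exchange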
Keywords (English) ★ Concurrent signature
★ Cryptography
★ One-way hash chain
★ One-time password
★ Micropayment
★ Electronic payment
★ Fair exchange
★ Conditional signature
Table of contents
1 Introduction
1.1 Motivation of the Research
1.2 Overview of the Thesis
2 Preliminary
2.1 Classification of Fair Exchange Protocols
2.2 Concept of Concurrent Signature Scheme
2.3 Applications of Concurrent Signature Scheme
2.4 The Requirements for Concurrent Signature Scheme
2.5 Introduction to Two Signature Schemes
2.5.1 Schnorr signature scheme
2.5.2 Schnorr-like signature scheme
3 Review of Concurrent Signature Schemes
3.1 Concurrent Signature Scheme
3.1.1 Generic definition of algorithms
3.1.2 Protocol of concurrent signature scheme
3.1.3 A concrete concurrent signature scheme
3.1.4 Remarks on concurrent signature scheme
3.2 Perfect Concurrent Signature Scheme
3.2.1 Representation of signature of knowledge
3.2.2 A concrete scheme from Schnorr signature scheme
3.2.3 Remarks on perfect concurrent signature scheme
3.3 Asymmetric Concurrent Signature Scheme
3.3.1 Promises of Schnorr and Schnorr-like signatures
3.3.2 Generic definition of algorithms
3.3.3 Protocol of asymmetric concurrent signature scheme
3.3.4 A concrete asymmetric concurrent signature scheme
4 Balanced Concurrent Signature Scheme
4.1 Conditional Signature Schemes
4.1.1 Review of conditional digital signatures
4.1.2 Conditional signature scheme based on Schnorr signature
4.2 Generic Definitions of Algorithms and Protocols
4.2.1 Algorithms of balanced concurrent signature
4.2.2 Protocols of balanced concurrent signature
4.3 Security Model of Balanced Concurrent Signature
4.3.1 Correctness
4.3.2 Unforgeability
4.3.3 Fairness
4.3.4 Unlinkability
4.4 A Concrete Balanced Concurrent Signature Scheme
4.5 Security and Performance Analysis
4.5.1 Security analysis
4.5.2 Performance analysis
4.6 Conclusions
5 PayStar: A Denomination Flexible Micropayment Scheme
5.1 Related Work on Micropayment Schemes
5.1.1 Brief review of the PayWord scheme
5.1.2 Micropayment based on unbalanced one-way binary tree
5.1.3 Weighted one-way hash chain
5.2 The Proposed Denomination Flexible Micropayment Scheme
5.2.1 Varying denomination mintage scheme
5.2.2 PayStar scheme with varying denomination
5.3 Performance Analysis of the Proposed Micropayment Scheme
5.3.1 Computational and storage cost analysis
5.3.2 Alternative merged one-way hash chain
5.3.3 Comparisons of performance
5.4 Further Extension of the PayStar Scheme
5.5 Conclusions
6 Conclusions
6.1 Brief Review of Main Contributions
6.2 Further Research Topics and Directions
Bibliography
References
[1] M. Abadi, N. Glew, B. Horne, and B. Pinkas, "Certified e-mail with a light on-line trusted third party: Design and implementation," Proc. of the 11th International World Wide Web Conference, WWW 2002, Honolulu, Hawaii, USA, May 2002.
[2] M. Abe, M. Ohkubo, and K. Suzuki, "1-out-of-n signatures from a variety of keys," Advances in Cryptology - ASIACRYPT 2002, Lecture Notes in Computer Science 2501, pp.415-432, Springer-Verlag, 2002.
[3] R. Anderson, C. Manifavas, and C. Sutherland, "NetCard - A practical electronic cash system," Proc. of Security Protocols Workshop, Lecture Notes in Computer Science 1189, pp.49-57, Springer-Verlag, 1997.
[4] N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signatures," Advances in Cryptology - EUROCRYPT 1998, Lecture Notes in Computer Science 1403, pp.591-606, Springer-Verlag, 1998.
[5] E.F. Brickell, D. Chaum, I.B. Damgard, and J. van de Graaf, "Gradual and verifiable release of a secret," Advances in Cryptology - CRYPTO 1987, pp.156-166.
[6] C. Cachin, "Efficient private bidding and auctions with an oblivious third party," Proc. of the 6th ACM Conference on Computer and Communications Security, pp.120-127, 1999.
[7] C. Cachin and J. Camenisch, "Optimistic fair secure computation," Advances in Cryptology - CRYPTO 2000, Lecture Notes in Computer Science 1880, pp.94-112, Springer-Verlag, 2000.
[8] J. Camenisch, "Efficient and generalized group signatures," Advances in Cryptology - EUROCRYPT 1997, Lecture Notes in Computer Science 1233, pp.465-479, Springer-Verlag, 1998.
[9] L. Chen, C. Kudla, and K.G. Paterson, "Concurrent signatures," Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Computer Science 3027, pp.287-305, Springer-Verlag, 2004.
[10] S.S.M. Chow and W. Susilo, "Generic construction of (identity-based) perfect concurrent signatures," Proc. of Information and Communications Security Conference, ICICS 2005, Lecture Notes in Computer Science 3783, pp.194-206, Springer-Verlag, 2005.
[11] R. Cleve, "Controlled gradual disclosure schemes for random bits and their applications," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science 435, pp.573-588, Springer-Verlag, 1990.
[12] I.B. Damgard, "Practical and provably secure release of a secret and exchange of signatures," Advances in Cryptology - EUROCRYPT 1993, Lecture Notes in Computer Science, pp.200-217, Springer-Verlag, 1994.
[13] T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Transactions on Information Theory, 31, pp.469-472, 1985.
[14] S. Even, O. Goldreich, and A. Lempel, "A randomized protocol for signing contracts," Communications of the ACM, Vol.28(6), pp.637-647, Jun. 1985.
[15] M.K. Franklin and M.K. Reiter, "Fair exchange with a semi-trusted third party," Proc. of the 4th ACM Conference on Computer and Communications Security, pp.1-5, 1997.
[16] M.K. Franklin and G. Tsudik, "Secure group barter: Multi-party fair exchange with semi-trusted neutral parties," Proc. of Financial Cryptography Conference, FC 1998, Lecture Notes in Computer Science 1465, pp.90-102, Springer-Verlag, 1998.
[17] J.A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free optimistic contract signing," Advances in Cryptology - CRYPTO 1999, Lecture Notes in Computer Science 1666, pp.449-466, Springer-Verlag, 1999.
[18] S. Glassmann, M. Manasse, M. Abadi, P. Gauthier, and P. Sobalvarro, "The Millicent protocol for inexpensive electronic commerce," Proc. of 4th International World Wide Web Conference, pp.603-618, 1995.
[19] O. Goldreich, "A simple protocol for signing contracts," Advances in Cryptology - CRYPTO 1983, Lecture Notes in Computer Science, pp.133-136, Springer-Verlag, 1983.
[20] O. Goldreich, "Sending certified mail using oblivious transfer and a threshold scheme," Technical Report, Computer Science Department, Israel Institute of Technology, 1984.
[21] N.M. Haller, "The S/KEY one-time password system," Proc. of the ISOC Symposium on Network and Distributed System Security, San Diego, CA, Feb. 1994.
[22] R. Hauser, M. Steiner, and M. Waidner, "Micropayments based on iKP," Proc. of SECURICOM 1996, 14th Worldwide Congress on Computer and Communications Security and Protection, pp.67-82, Jun. 1996.
[23] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated verifier proofs and their applications," Advances in Cryptology - EUROCRYPT 1996, Lecture Notes in Computer Science 1070, pp.143-154, Springer-Verlag, 1996.
[24] C. Jutla and M. Yung, "Paytree: Amortized signature for flexible micropayments," Proc. of 2nd USENIX Workshop on Electronic Commerce, pp.213-221, Nov. 1996.
[25] M. Klonowski, M. Kutylowski, A. Lauks, and F. Zagorski, "Conditional digital signatures," Proc. of Trust, Privacy and Security in Digital Business Conference, TrustBus 2005, Lecture Notes in Computer Science 3592, pp.206-215, Springer-Verlag, 2005.
[26] L. Lamport, "Password authentication with insecure communication," Communications of the ACM, Vol.24(11), pp.770-772, Nov. 1981.
[27] B. Lee and K. Kim, "Fair exchange of digital signatures using conditional signature," Symposium on Cryptography and Information Security, SCIS 2002, Vol.1/2, pp.179-184, 2002.
[28] S. Micali and R.L. Rivest, "Micropayments revisited," Proc. of Cryptographer's Track at the RSA Conference, CT-RSA 2002, Lecture Notes in Computer Science 2271, pp.149-163, Springer-Verlag, 2002.
[29] K. Nguyen, "Asymmetric concurrent signatures," Proc. of Information and Communications Security Conference, ICICS 2005, Lecture Notes in Computer Science 3783, pp.181-193, Springer-Verlag, 2005.
[30] T. Pedersen, "Electronic payments of small amounts," Proc. of Security Protocols Workshop, Lecture Notes in Computer Science 1189, pp.59-68, Springer-Verlag, 1997.
[31] B. Pfitzmann, M. Schunter, and M. Waidner, "Optimal efficiency of optimistic contract signing," Proc. of the 7th Annual ACM Symposium on Principles of Distributed Computing, pp.113-122, 1998.
[32] R.L. Rivest, "The MD5 message digest algorithm," RFC 1321, Apr. 1992.
[33] R.L. Rivest, "Electronic lottery tickets as micropayments," Proc. of Financial Cryptography Conference, FC 1997, Lecture Notes in Computer Science 1318, pp.307-314, Springer-Verlag, 1998.
[34] R.L. Rivest and A. Shamir, "PayWord and MicroMint: Two simple micropayment schemes," Proc. of Security Protocols Workshop, Lecture Notes in Computer Science 1189, pp.69-87, Springer-Verlag, 1997.
[35] R.L. Rivest, A. Shamir, and L.M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, 21(2), pp.120-126, 1978.
[36] R.L. Rivest, A. Shamir, and Y. Tauman, "How to leak a secret," Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Computer Science 2248, pp.552-565, Springer-Verlag, 2001.
[37] C.P. Schnorr, "Efficient identification and signatures for smart cards," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science 435, pp.239-252, Springer-Verlag, 1990.
[38] J. Stern and S. Vaudenay, "SVP: A flexible micropayment scheme," Proc. of Financial Cryptography Conference, FC 1997, Lecture Notes in Computer Science 1318, pp.161-172, Springer-Verlag, 1998.
[39] W. Susilo, Y. Mu, and F. Zhang, "Perfect concurrent signature schemes," Proc. of Information and Communications Security Conference, ICICS 2004, Lecture Notes in Computer Science 3269, pp.14-26, Springer-Verlag, 2004.
[40] S.M. Yen, "PayFair: A prepaid Internet micropayment scheme ensuring customer fairness," IEE Proceedings: Computers and Digital Techniques, Vol.148, No.6, pp.207-213, Nov. 2000.
[41] S.M. Yen, C.N. Chen, and H.C. Lin, "Improved probabilistic micropayment scheme," Proc. of International Workshop on Information Security Applications, WISA 2002, Jeju Island, Korea, Aug. 2002.
[42] S.M. Yen, L.T. Ho, and C.Y. Huang, "Internet micropayment based on unbalanced one-way binary tree," Proc. of International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC 1999, Hong Kong, pp.155-162, Jul. 1999.
[43] S.M. Yen and C.S. Laih, "Improved digital signature suitable for batch verification," IEEE Trans. on Computers, Vol.44, No.7, Jul. 1995.
[44] S.M. Yen, C.S. Laih, and A.K. Lenstra, "Multi-exponentiation," IEE Proceedings: Computers and Digital Techniques, Vol.141, No.6, pp.325-326, Nov. 1994.
[45] S.M. Yen and Y. Zheng, "Weighted one-way hash chain and its applications," Proc. of International Workshop on Information Security, ISW 2000, Lecture Notes in Computer Science 1975, pp.135-148, Springer-Verlag, 2000.
[46] Y. Zheng, J. Pieprzyk, and J. Seberry, "HAVAL - A one-way hashing algorithm with variable length of output," Advances in Cryptology - AUSCRYPT 1992, Lecture Notes in Computer Science 718, pp.83-104, Springer-Verlag, 1993.
[47] FIPS 180-1, "Secure Hash Standard," NIST, US Department of Commerce, Washington D.C., Apr. 1995.
Advisor: Sung-Ming Yen (顏嵩銘)   Approval date: 2006-7-20