ABSTRACT
We design and analyze the first practical anonymous payment mechanisms for network services. We start by reporting on our experience with the implementation of a routing micropayment solution for Tor. We then propose micropayment protocols of increasingly complex requirements for networked services, such as P2P or cloud-hosted services.
The solutions are efficient, with bandwidth and latency overheads of under 4% and 0.9 ms respectively (in ORPay for Tor), provide full anonymity (both for payers and payees), and support thousands of transactions per second.
- A.V. Aho, J.E. Hopcroft, and J.D. Ullman. The Design and Analysis of Computer Algorithms. Addison-Wesley, 1974. Google ScholarDigital Library
- R. Anderson, C. Manifavas, and C. Sutherland. NetCard: A practical electronic-cash system. Lecture Notes in Computer Science -- Security Protocols, 1189:49--57, 1997. Google ScholarDigital Library
- E. Androulaki, M. Raykova, S. Srivatsan, A. Stavrou, and S.M. Bellovin. Par: Payment for anonymous routing. In N. Borisov and I. Goldberg, editors, Proceedings of the Eighth International Symposium on Privacy Enhancing Technologies (PETS 2008), pages 219==236, Leuven, Belgium, July 2008. Springer. Google ScholarDigital Library
- S. Brands. Untraceable off-line cash in wallets with observers (extended abstract). In CRYPTO, 1993. Google ScholarDigital Library
- J. Camenisch, S. Hohenberger, and A. Lysyanskaya. Compact e-cash. In Ronald Cramer, editor, Advances in Cryptology -- Eurocrypt, volume 3494. Google ScholarDigital Library
- J. Camenisch, A. Lysyanskaya, and M. Meyerovich. Endorsed e-cash. In SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007. Google ScholarDigital Library
- J. Camenisch, U.M. Maurer, and M. Stadler. Digital payment systems with passive anonymity-revoking trustees. In ESORICS '96: Proceedings of the 4th European Symposium on Research in Computer Security, pages 33--43, London, UK, 1996. Springer-Verlag. Google ScholarDigital Library
- D. Chaum. Blind signatures for untraceable payments. In Advances in Cryptology--Proceedings of Crypto '82, pages 199--203. Plenum Press, 1982.Google Scholar
- D. Chaum. Blind signatures system. Advances in Cryptology, Proceedings of CRYPTO, pages 153--156, 1983.Google Scholar
- D. Chaum. Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10):1030--1044, 1985. Google ScholarDigital Library
- D. Chaum. Privacy protected payments: Unconditional payer and/or payee untraceability. In Proceedings of SmartCard 2000, 1988.Google Scholar
- D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In CRYPTO '88: Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology, pages 319--327, London, UK, 1990. Springer-Verlag. Google ScholarDigital Library
- D. Chaum and T.P. Pedersen. Transferred cash grows in size. In EUROCRYPT, 1992.Google Scholar
- G.I. Davida, Y. Frankel, Y. Tsiounis, and M. Yung. Anonymity control in e-cash systems. In FC '97: Proceedings of the First International Conference on Financial Cryptography, pages 1--16, London, UK, 1997. Springer-Verlag. Google ScholarDigital Library
- R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, 2004. Google ScholarDigital Library
- Y. Frankel, Y. Tsiounis, and M. Yung. "indirect discourse proof": Achieving efficient fair off-line e-cash. In ASIACRYPT '96: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security, pages 286--300, London, UK, 1996. Springer-Verlag. Google ScholarDigital Library
- M.K. Franklin and M. Yung. Secure and efficient off-line digital money (extended abstract). In ICALP '93: Proceedings of the 20th International Colloquium on Automata, Languages and Programming, pages 265--276, London, UK, 1993. Springer-Verlag. Google ScholarDigital Library
- O. Goldreich. Foundations of Cryptography. Cambridge University Press, 2001. Google ScholarDigital Library
- R. Hauser, M. Steiner, and M. Waidner. Micro-payments based on iKP. Technical report, 1996.Google Scholar
- A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing or: How to cope with perpetual leakage. In CRYPTO '95: Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology, pages 339--352, London, UK, 1995. Springer-Verlag. Google ScholarDigital Library
- iTunes Music Store. Online at http://www.apple.com/itunes.Google Scholar
- C. Jutla and M. Yung. Paytree: amortized-signature for flexible micropayments. In Second USENIX Workshop on Electronic Commerce, Oakland CA, Nov 1996.Google Scholar
- D.E. Knuth. Fundamental Algorithms, volume 2 of The Art of Computer Programming. Addison-Wesley, Reading, Massachusetts, second edition, 10 Jan. 1973. This is a full INBOOK entry.Google Scholar
- R.J. Lipton and R. Ostrovsky. Micro-payments via efficient coin-flipping. In Financial Cryptography, pages 1--15. Springer-Verlag, 1998. Google ScholarDigital Library
- A. Lysyanskaya and C. Peikert. Adaptive security in the threshold setting: From cryptosystems to signature schemes. In ASIACRYPT '01: Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security, pages 331--350, London, UK, 2001. Springer-Verlag. Google ScholarDigital Library
- M.S. Manasse. The millicent protocols for electronic commerce. In WOEC'95: Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce, pages 9--9, Berkeley, CA, USA, 1995. USENIX Association. Google ScholarDigital Library
- R. Merkle. Protocols for public key cryptosystems. In IEEE Symposium on Research in Security and Privacy, 1980.Google ScholarCross Ref
- World Wide Web Consortium: Micro Payment Transfer Protocol (MPTP). Online at http://www.w3.org/TR/WD-mptp-951122.Google Scholar
- J. Ngan, R. Dingledine, and D. Wallach. Building incentives into Tor. Technical report.Google Scholar
- The openSSL project. OpenSSL: The open source toolkit for SSL/TLS. www.openssl.org.Google Scholar
- R.L. Rivest. Electronic lottery tickets as micropayments. In R. Hirschfeld, editor, Financial Cryptography, pages 307--314, Anguilla, British West Indies, 1997. Springer. Google ScholarDigital Library
- R.L. Rivest and A. Shamir. Payword and micromint: Two simple micropayment schemes. In Proceedings of the International Workshop on Security Protocols, pages 69--87, London, UK, 1997. Springer-Verlag. Google ScholarDigital Library
- D.R. Simon. Anonymous communication and anonymous cash. In CRYPTO '96: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, pages 61--73, London, UK, 1996. Springer-Verlag. Google ScholarDigital Library
- M. Stadler, J.-M. Piveteau, and J. Camenisch. Fair blind signatures. In Proceedings of EUROCRYPT, pages 209--219, 1995. Google ScholarDigital Library
- B. Yang and H. Garcia-Molina. Ppay: micropayments for peer-to-peer systems. In CCS '03: Proceedings of the 10th ACM conference on Computer and communications security, pages 300--310, New York, NY, USA, 2003. ACM. Google ScholarDigital Library
- S. Yen, J. Lee, and J. Lee. Payfair: A prepaid internet micropayment scheme promising customer fairness. In Proc. of International Workshop on Cryptographic Techniques and E-Commerce, CrypTEC 99, pages 213--221, 1999.Google Scholar
Index Terms
- XPay: practical anonymous payments for tor routing and other networked services
Recommendations
A model of onion routing with provable anonymity
FC'07/USEC'07: Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable SecurityOnion routing is a scheme for anonymous communication that is designed for practical use. Until now, however, it has had no formal model and therefore no rigorous analysis of its anonymity guarantees. We give an IO-automata model of an onion-routing ...
How to Find Hidden Users: A Survey of Attacks on Anonymity Networks
Communication privacy has been a growing concern, particularly with the Internet becoming a major hub of our daily interactions. Revelations of government tracking and corporate profiling have resulted in increasing interest in anonymous communication ...
Towards Pseudonymous e-Commerce
The lack of privacy is one of the main reasons that limits trust in e-commerce. Current e-commerce practice enforces a customer to disclose her identity to the e-shop and the use of credit cards makes it straightforward for an e-shop to know the real ...
Comments