Upload
zeeshan-khan
View
215
Download
0
Embed Size (px)
Citation preview
8/2/2019 Ecommerce 8
1/25
Electronic Payment Systems
8/2/2019 Ecommerce 8
2/25
Electronic Payment Systems
Transaction reconciliation Cash or check
8/2/2019 Ecommerce 8
3/25
Electronic Payment Systems
Intermediated reconciliation (credit or debit card, 3rd party moneyorder)
8/2/2019 Ecommerce 8
4/25
Electronic Payment Systems
Transactions in the U.S. economy
Ty p e o f P a y m e n t Vo lum e (%) in M i llions o f Transac tionsV alue (%) in Tr i llions o f C hec k s 59,400.0 (96 .3% ) 68.3 (12.5F edwire 69.7 (0.1% ) 207 .6 (37 .9C H IP S 42.4 (0.1% ) 262 .3 (47 .9
A C H 2,200.0 (3 .5% ) 9.3 (1 .7Tota l 61 ,7 12 .10 547 .
8/2/2019 Ecommerce 8
5/25
Electronic Payment Systems
Online transaction systems Lack of physical tokens
Standard clearing methods wont work Transaction reconciliation must be intermediated
Informational tokens Ecommerce enablers
First Virtual Holdings, Inc. model
Online payment systems (financial electronic data interchange) Secure Electronic Transaction (SET) protocol supported by Visa and
MasterCard
Digital currency
8/2/2019 Ecommerce 8
6/25
Electronic Payment Systems
Digital currency Non-intermediated transactions Anonymity
Ecommerce benefits Privacy preserving Minimizes transactions costs Micropayments
Security issues with digital currency
Authenticity (non-counterfeiting) Double spending Non-refutability
8/2/2019 Ecommerce 8
7/25
Electronic Payment Systems
Contemporary forms of digital currency Ecash
Set up account with ecash issuing bank
Account backed by outside money (credit card or cash) Move credit from account to ecash mint
Public key encryption used to validate coins: third parties can bitethe coin electronically by asking the issuing bank to verify itsencryption
Spend ecoin at merchant site that accepts ecash
Merchant then deposits ecoin in his account at his participating bank, or keeps it on hand to make change, or spends the ecash at a supplier merchants site.
Role of encryption
8/2/2019 Ecommerce 8
8/25
Encryption
The need for encryption in ecommerce Degree of risk vs. scope of risk Institutional versus individual impact Obvious need for ecurrencies.
Public key cryptography: an overview One-way functions How it works
Parties to the transaction will be called Alice and Bob. Each participant has a public key, denoted P A and P B for Alice and Bob
respectively, and a secret key, denoted S A and S B respectively
8/2/2019 Ecommerce 8
9/25
Encryption
Each person publishes his or her public key, keeping the secret keysecret.
Let D be the set of permissible messages Example: All finite length bit strings or strings of integers
The public key is required to define a one-to-one mapping from the set D to itself (without this requirements, decryption of the message isambiguous).
Given a message M from Alice to Bob, Alice would encrypt this usingBobs public key to generate the so-called cyphertext C=P B(M). Note that
C is thus a permutation of the set D. The public and secret keys are inverses of each other
M=S B(PB(M))
M=S A(PA(M))
The encryption is secure as long as the functions defined by the public
key are one-way functions
8/2/2019 Ecommerce 8
10/25
Encryption
The RSA public key cryptosystem
Finite groups
Finite set of elements (integers) Operation that maps the set to itself (addition, multiplication)
Example: Modular (clock) arithmetic
Subgroups
Any subset of a given group closed under the group operation Z 2 (i.e. even integers) is a subgroup (under addition) of Z
Subgroups can be generated by applying the operation to elements of
the group
Example with mod 12 arithmetic (operation is addition)
8/2/2019 Ecommerce 8
11/25
Encryption
121 mod x
122 mod x
8/2/2019 Ecommerce 8
12/25
Encryption
123 mod
x
124 mod x
8/2/2019 Ecommerce 8
13/25
Encryption
125 mod x
126 mod x
8/2/2019 Ecommerce 8
14/25
Encryption
127 mod x
128 mod x
8/2/2019 Ecommerce 8
15/25
Encryption
129 mod x
1210 mod x
8/2/2019 Ecommerce 8
16/25
Encryption
1211 mod x
8/2/2019 Ecommerce 8
17/25
Encryption
A key result: Lagranges Theorem If S is a subgroup of S, then the number of elements of S divides
the number of elements of S.
Examples:
1212,
123,
124,
126,
125125
124124
123123
122122
==
==
==
==
Z Z Z Z
Z Z Z Z
Z Z Z Z
Z Z Z Z
8/2/2019 Ecommerce 8
18/25
Encryption
Solving modular equations RSA uses modular groups to transform messages (or blocks of
numbers representing components of messages) to encryptedform.
Ability to compute the inverse of a modular transformation allowsdecryption.
Suppose x is a message, and our cyphertext is y=ax mod n for some numbers a and n. To recover x from y, then, we need to beable to find a number b such that x=by mod n .
When such a number exists, it is called the mod n inverse of a. A key result: For any n>1, if a and n are relatively prime, then
the equation ax=b mod n has a unique solution modulo n.
8/2/2019 Ecommerce 8
19/25
Encryption
In the RSA system, the actual encryption is done usingexponentiation.
A key result:
1mod
,0
1 =
pa
a Z for any aime, then If p is pr
remittle Theo Fermats L
p
p
8/2/2019 Ecommerce 8
20/25
Encryption
RSA technicals Select 2 prime numbers p and q Let n=pq Select a small odd integer e relatively prime to (p-1)(q-1) Compute the modular inverse d of e, i.e. the solution to the
equation
Publish the pair P=(e,n) as the public key Keep secret the pair S=(d,n) as the secret key
( )( )11mod1 = q pde
8/2/2019 Ecommerce 8
21/25
Encryption
For this specification of the RSA system, the message domain is Z n
Encryption of a message M in Z n is done by defining
Decrypting the message is done by computing
n M M P C e mod)( ==
( ) nC C S d mod=
8/2/2019 Ecommerce 8
22/25
Encryption
Let us verify that the RSA scheme does in fact define an invertiblemapping of the message.
( )( ) ( )( )
( )( )
( )theorem.)sFermat'applying byfollowstepslast(the
mod
mod
modmod
Hence,.integer somefor
111
other eachof inversesmodular areandSince n.mod
anyFor
)1(
)1()1(
)1)(1(
M n M M
n M MM
n MM n M
k
q pk ed
ed M M P S M S P
Z M
k q
qk p
q pk ed
ed
n
==
=
=
+=
==
8/2/2019 Ecommerce 8
23/25
Encryption
Note that the security of the encryption system rests on the factthat to compute the modular inverse of e, you need to know thenumber (p-1)(q-1) , which requires knowledge of the factors p andq.
Getting the factors p and q, in turn, requires being able to factor the large number n=pq . This is a computationally difficult
problem. Some examples:
http://econ.gsia.cmu.edu/spear/rsa3.asp
8/2/2019 Ecommerce 8
24/25
Encryption
Applications Direct message encryption Digital Signatures
Use secret key to encrypt signature: S(Name) Appended signature to message and send to recipient Recipient decrypts signature using public key: P(S(Name)=Name
Encrypted message and signature Create digital signature as above, appended to message, encrypt
message using recipients public key Recipient uses own secret key to decrypt message, then uses senders
public key to decrypt signature, thus verifying sender
8/2/2019 Ecommerce 8
25/25
Policy Issues
Privacy and verification Transaction costs and micro-payments
Monetary effects Domestic money supply control and economic policy levers International currency exchanges and exchange rate stability
Market organization effects Development of new financial intermediaries
Effects on government Seniorage Legal issues