Ecommerce 8

  • 8/2/2019 Ecommerce 8

    Electronic Payment Systems

    Transaction reconciliation: cash or check

    Intermediated reconciliation (credit or debit card, 3rd party money order)

    Transactions in the U.S. economy

    Type of Payment   Volume (%) in Millions of Transactions   Value (%) in Trillions of
    Checks            59,400.0 (96.3%)                         68.3 (12.5
    Fedwire           69.7 (0.1%)                              207.6 (37.9
    CHIPS             42.4 (0.1%)                              262.3 (47.9
    ACH               2,200.0 (3.5%)                           9.3 (1.7
    Total             61,712.10                                547.

    Online transaction systems
        Lack of physical tokens
            Standard clearing methods won't work
            Transaction reconciliation must be intermediated
        Informational tokens

    Ecommerce enablers
        First Virtual Holdings, Inc. model
        Online payment systems (financial electronic data interchange)
        Secure Electronic Transaction (SET) protocol supported by Visa and MasterCard
        Digital currency

    Digital currency
        Non-intermediated transactions
        Anonymity

    Ecommerce benefits
        Privacy preserving
        Minimizes transaction costs
        Micropayments

    Security issues with digital currency
        Authenticity (non-counterfeiting)
        Double spending
        Non-refutability

    Contemporary forms of digital currency
        Ecash
            Set up account with ecash issuing bank
            Account backed by outside money (credit card or cash)
            Move credit from account to ecash mint
            Public key encryption used to validate coins: third parties can bite the coin electronically by asking the issuing bank to verify its encryption
            Spend ecoin at merchant site that accepts ecash
            Merchant then deposits ecoin in his account at his participating bank, or keeps it on hand to make change, or spends the ecash at a supplier merchant's site.

    Role of encryption

    Encryption

    The need for encryption in ecommerce
        Degree of risk vs. scope of risk
        Institutional versus individual impact
        Obvious need for ecurrencies

    Public key cryptography: an overview
        One-way functions
        How it works

    Parties to the transaction will be called Alice and Bob.

    Each participant has a public key, denoted $P_A$ and $P_B$ for Alice and Bob respectively, and a secret key, denoted $S_A$ and $S_B$ respectively.

    Each person publishes his or her public key, keeping the secret key secret.

    Let D be the set of permissible messages.
        Example: all finite-length bit strings or strings of integers

    The public key is required to define a one-to-one mapping from the set D to itself (without this requirement, decryption of the message is ambiguous).

    Given a message M from Alice to Bob, Alice would encrypt this using Bob's public key to generate the so-called cyphertext $C = P_B(M)$. Note that C is thus a permutation of the set D.

    The public and secret keys are inverses of each other:

        $M = S_B(P_B(M))$

        $M = S_A(P_A(M))$

    The encryption is secure as long as the functions defined by the public key are one-way functions.

    The RSA public key cryptosystem

    Finite groups
        Finite set of elements (integers)
        Operation that maps the set to itself (addition, multiplication)
        Example: Modular (clock) arithmetic

    Subgroups
        Any subset of a given group closed under the group operation
        Z 2 (i.e. even integers) is a subgroup (under addition) of Z
        Subgroups can be generated by applying the operation to elements of the group
        Example with mod 12 arithmetic (operation is addition)

    [Figures, slides 11/25 to 16/25: the mod 12 example. Only the panel labels survive, reading "121 mod x" through "1211 mod x".]

    A key result: Lagrange's Theorem
        If S' is a subgroup of S, then the number of elements of S' divides the number of elements of S.

    Examples (subgroups of $Z_{12}$ under addition mod 12):
        generated by 2: 6 elements
        generated by 3: 4 elements
        generated by 4: 3 elements
        generated by 5: 12 elements

    Solving modular equations
        RSA uses modular groups to transform messages (or blocks of numbers representing components of messages) to encrypted form.
        Ability to compute the inverse of a modular transformation allows decryption.
        Suppose x is a message, and our cyphertext is y = ax mod n for some numbers a and n. To recover x from y, then, we need to be able to find a number b such that x = by mod n.
        When such a number exists, it is called the mod n inverse of a.
        A key result: For any n > 1, if a and n are relatively prime, then the equation ax = b mod n has a unique solution modulo n.

    In the RSA system, the actual encryption is done using exponentiation.

    A key result: Fermat's Little Theorem
        If p is prime, then for any $a \in Z_p$, $a \neq 0$,

        $a^{p-1} = 1 \bmod p$
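
    Lagrange's theorem and Fermat's Little Theorem can be checked numerically, and the first explains the second: the powers of a form a subgroup of the p-1 nonzero residues mod p, so its size divides p-1. This is an added example, not part of the original slides; the function names and the primes 13 and 101 are chosen for illustration.

```python
def additive_subgroup(g, n):
    """Subgroup of Z_n (addition mod n) generated by g: {g, 2g, 3g, ...}."""
    seen, x = [], 0
    while True:
        x = (x + g) % n
        seen.append(x)
        if x == 0:                 # wrapped around to the identity
            return sorted(seen)


def lagrange_table(n):
    """Map each generator g in 1..n-1 to the size of its subgroup of Z_n."""
    return {g: len(additive_subgroup(g, n)) for g in range(1, n)}


def multiplicative_order(a, p):
    """Size of the subgroup {a, a^2, ...} of the nonzero residues mod p.

    Assumes p is prime and a is nonzero mod p; otherwise 1 may never be hit.
    """
    k, x = 1, a % p
    while x != 1:
        x = (x * a) % p
        k += 1
    return k


def fermat_holds(p):
    """For prime p: every order divides p-1, hence a^(p-1) == 1 (mod p)."""
    for a in range(1, p):
        k = multiplicative_order(a, p)
        if (p - 1) % k != 0 or pow(a, p - 1, p) != 1:
            return False
    return True


if __name__ == "__main__":
    for g, size in lagrange_table(12).items():
        print(f"generator {g:2d}: {size:2d} elements, 12 % {size} = {12 % size}")
    print("orders mod 13:", {a: multiplicative_order(a, 13) for a in range(1, 13)})
    print("Fermat holds for p = 13:", fermat_holds(13))
```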

    RSA technicals
        Select 2 prime numbers p and q
        Let n = pq
        Select a small odd integer e relatively prime to (p-1)(q-1)
        Compute the modular inverse d of e, i.e. the solution to the equation

            $de = 1 \bmod (p-1)(q-1)$

        Publish the pair P = (e, n) as the public key
        Keep secret the pair S = (d, n) as the secret key

    For this specification of the RSA system, the message domain is $Z_n$.

    Encryption of a message M in $Z_n$ is done by defining

        $C = P(M) = M^e \bmod n$

    Decrypting the message is done by computing

        $S(C) = C^d \bmod n$

    Let us verify that the RSA scheme does in fact define an invertible mapping of the message.

    For any $M \in Z_n$,

        $S(P(M)) = P(S(M)) = M^{ed} \bmod n$.

    Since e and d are modular inverses of each other,

        $ed = 1 + k(p-1)(q-1)$ for some integer k.

    Hence,

        $M^{ed} \bmod n = M M^{k(p-1)(q-1)} \bmod n$

        $= M (M^{p-1})^{k(q-1)} \bmod n$

        $= M (1)^{k(q-1)} \bmod n = M$

    (the last steps follow by applying Fermat's theorem.)

    Note that the security of the encryption system rests on the fact that to compute the modular inverse of e, you need to know the number (p-1)(q-1), which requires knowledge of the factors p and q.

    Getting the factors p and q, in turn, requires being able to factor the large number n = pq. This is a computationally difficult problem. Some examples:

    http://econ.gsia.cmu.edu/spear/rsa3.asp

    Applications
        Direct message encryption
        Digital Signatures
            Use secret key to encrypt signature: S(Name)
            Append signature to message and send to recipient
            Recipient decrypts signature using public key: P(S(Name)) = Name
        Encrypted message and signature
            Create digital signature as above, append it to the message, encrypt message using recipient's public key
            Recipient uses own secret key to decrypt message, then uses sender's public key to decrypt signature, thus verifying sender
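
    The key setup, encryption, decryption and the signed-and-encrypted exchange from the slides above, as an added example that is not part of the original slides. The primes, exponents and function names are constructed toy values; this is the unpadded scheme exactly as the slides state it, with no hashing or padding, and it assumes the sender's n is no larger than the recipient's so that the signature fits in the recipient's message domain.

```python
from math import gcd


def make_keys(p, q, e):
    """n = pq; d solves de = 1 mod (p-1)(q-1). Returns (P, S)."""
    phi = (p - 1) * (q - 1)
    if e % 2 == 0 or gcd(e, phi) != 1:
        raise ValueError("e must be odd and relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)                  # modular inverse, Python 3.8+
    return (e, p * q), (d, p * q)


def apply_key(key, m):
    """P(M) = M^e mod n, or S(C) = C^d mod n, depending on the key passed."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("value is outside the message domain Z_n")
    return pow(m, exp, n)


def verify(sender_public, m, sig):
    """Check P(S(M)) == M; a signature outside Z_n is rejected, not raised."""
    return 0 <= sig < sender_public[1] and apply_key(sender_public, sig) == m


def send_signed(m, sender_secret, recipient_public):
    """Sign with the sender's S, then encrypt message and signature with the
    recipient's P. Raises if the signature does not fit the recipient's Z_n."""
    sig = apply_key(sender_secret, m)
    return apply_key(recipient_public, m), apply_key(recipient_public, sig)


def receive_signed(packet, recipient_secret, sender_public):
    """Decrypt both parts with the recipient's S, then verify the sender."""
    m, sig = (apply_key(recipient_secret, c) for c in packet)
    return m, verify(sender_public, m, sig)


# Constructed toy keys; real moduli are thousands of bits long.
ALICE_P, ALICE_S = make_keys(61, 53, 17)     # n = 3233
BOB_P, BOB_S = make_keys(89, 97, 5)          # n = 8633

if __name__ == "__main__":
    c = apply_key(ALICE_P, 65)
    print("C =", c, " S(C) =", apply_key(ALICE_S, c))
    packet = send_signed(1234, ALICE_S, BOB_P)
    print("Bob receives:", receive_signed(packet, BOB_S, ALICE_P))
    forged = (packet[0], (packet[1] + 1) % BOB_P[1])
    print("tampered signature:", receive_signed(forged, BOB_S, ALICE_P))
```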

    Policy Issues

    Privacy and verification
    Transaction costs and micro-payments

    Monetary effects
        Domestic money supply control and economic policy levers
        International currency exchanges and exchange rate stability

    Market organization effects
        Development of new financial intermediaries

    Effects on government
        Seigniorage
        Legal issues