Upload
manish-dhane
View
219
Download
0
Embed Size (px)
Citation preview
8/7/2019 Ecommerce8
1/25
Electronic Payment Systems
8/7/2019 Ecommerce8
2/25
Electronic Payment Systems
Transaction reconciliation
Cash or check
8/7/2019 Ecommerce8
3/25
Electronic Payment Systems
Intermediated reconciliation (credit or debit card, 3rd party money
order)
8/7/2019 Ecommerce8
4/25
Electronic Payment Systems
Transactions in the U.S. economy
Type of Payment Volume (%) in Millions of Transactions Value (%) in Trillions of Dollars
Checks 59,400.0 (96.3%) 68.3 (12.5%)
Fedwire 69.7 (0.1%) 207.6 (37.9%)
CHIPS 42.4 (0.1%) 262.3 (47.9%)
ACH 2,200.0 (3.5%) 9.3 (1.7%)
Total 61,712.10 547.5
8/7/2019 Ecommerce8
5/25
Electronic Payment Systems
Online transaction systems
Lack of physical tokens
Standard clearing methods wont work
Transaction reconciliation must be intermediated
Informational tokens
Ecommerce enablers
First Virtual Holdings, Inc. model
Online payment systems (financial electronic data interchange)
Secure Electronic Transaction (SET) protocol supported by Visa and
MasterCard
Digital currency
8/7/2019 Ecommerce8
6/25
Electronic Payment Systems
Digital currency
Non-intermediated transactions
Anonymity
Ecommerce benefits
Privacy preserving
Minimizes transactions costs
Micropayments
Security issues with digital currency
Authenticity (non-counterfeiting) Double spending
Non-refutability
8/7/2019 Ecommerce8
7/25
Electronic Payment Systems
Contemporary forms of digital currency
Ecash
Set up account with ecash issuing bank
Account backed by outside money (credit card or cash)
Move credit from account to ecash mint
Public key encryption used to validate coins: third parties can
bite the coin electronically by asking the issuing bank to verify
its encryption
Spend ecoin at merchant site that accepts ecash
Merchant then deposits ecoin in his account at his participating bank, orkeeps it on hand to make change, or spends the ecash at a supplier
merchants site.
Role of encryption
8/7/2019 Ecommerce8
8/25
Encryption
The need for encryption in ecommerce
Degree of risk vs. scope of risk
Institutional versus individual impact Obvious need for ecurrencies.
Public key cryptography: an overview
One-way functions
How it works
Parties to the transaction will be called Alice and Bob.
Each participant has a public key, denoted PA and PB for Alice and
Bob respectively, and a secret key, denoted SA and SB respectively
8/7/2019 Ecommerce8
9/25
Encryption Each person publishes his or her public key, keeping the secret key
secret.
Let D be the set of permissible messages
Example: All finite length bit strings or strings of integers The public key is required to define a one-to-one mapping from the
set D to itself (without this requirements, decryption of the message is
ambiguous).
Given a message M from Alice to Bob, Alice would encrypt this using
Bobs public key to generate the so-called cyphertextC=PB(M). Note
that C is thus a permutation of the set D. The public and secret keys are inverses of each other
M=SB(PB(M))
M=SA(PA(M))
The encryption is secure as long as the functions defined by the public
key are one-way functions
8/7/2019 Ecommerce8
10/25
Encryption
The RSA public key cryptosystem
Finite groups
Finite set of elements (integers)
Operation that maps the set to itself (addition, multiplication)
Example: Modular (clock) arithmetic
Subgroups
Any subset of a given group closed under the group operation
Z2 (i.e. even integers) is a subgroup (under addition) ofZ
Subgroups can be generated by applying the operation to elements of
the group
Example with mod 12 arithmetic (operation is addition)
8/7/2019 Ecommerce8
11/25
Encryption
121 modxv
122 xv
8/7/2019 Ecommerce8
12/25
Encryption
123 xv
124 xv
8/7/2019 Ecommerce8
13/25
Encryption
125 xv
126 xv
8/7/2019 Ecommerce8
14/25
Encryption
127 xv
128 xv
8/7/2019 Ecommerce8
15/25
Encryption
129 modxv
1210 xv
8/7/2019 Ecommerce8
16/25
8/7/2019 Ecommerce8
17/25
Encryption
A key result: Lagranges Theorem
If S is a subgroupof S, thenthenumberofelements of S divides
thenumberofelements of S.
Examples:
1212,
123,
124,
126,
125125
124124
123123
122122
!z!y
!z!y
!z!y
!z!y
ZZZZ
ZZZZ
ZZZZ
ZZZZ
8/7/2019 Ecommerce8
18/25
Encryption
Solving modular equations RSA uses modular groups to transform messages (or blocks of
numbers representing components of messages) to encrypted form.
Ability to compute the inverse of a modular transformation allowsdecryption.
Suppose x is a message, and our cyphertext is y=ax modn forsome numbers a and n. To recoverx from y, then, we need to beable to find a numberb such that x=by modn.
When such a number exists, it is called the mod n inverse of a.
A key result: Foranyn>1, if a andn arerelativelyprime, thentheequation ax=b modnhas a unique solution modulon.
8/7/2019 Ecommerce8
19/25
Encryption
In the RSA system, the actual encryption is done using
exponentiation.
A keyresult:
1mod
,0
1 !
{
pa
aZforany aime, thenIfp is pr
remittle TheoFermats L
p
p
8/7/2019 Ecommerce8
20/25
Encryption
RSA technicals
Select 2 prime numbers p and q
Let n=pq
Select a small odd integere relatively prime to (p-1)(q-1)
Compute the modular inverse dofe, i.e. the solutiontothe
equation
Publish the pairP=(e,n)as the public key
Keep secret the pairS=(d,n)as the secret key
11mod1 ! qpde
8/7/2019 Ecommerce8
21/25
Encryption
For this specification of the RSA system, the message domain is Zn
Encryption of a message Min Znis done by defining
Decrypting the message is done by computing
nMMC e mod)( !!
nCCS d mod!
8/7/2019 Ecommerce8
22/25
8/7/2019 Ecommerce8
23/25
Encryption
Note that the security of the encryption system rests on the fact that
to compute the modular inverse ofe, you need to know the number
(p-1)(q-1), which requires knowledge of the factors p and q.
Getting the factors p and q, in turn, requires being able to factor thelarge numbern=pq. This is a computationally difficult problem.
Some examples:
http://econ.gsia.cmu.edu/spear/rsa3.asp
8/7/2019 Ecommerce8
24/25
Encryption
Applications
Direct message encryption
Digital Signatures
Use secret key to encrypt signature: S(Name)
Appended signature to message and send to recipient
Recipient decrypts signature using public key: P(S(Name)=Name
Encrypted message and signature
Create digital signature as above, appended to message, encrypt
message using recipients public key
Recipient uses own secret key to decrypt message, then uses senders
public key to decrypt signature, thus verifying sender
8/7/2019 Ecommerce8
25/25
Policy Issues
Privacy and verification
Transaction costs and micro-payments
Monetary effects Domestic money supply control and economic policy levers
International currency exchanges and exchange rate stability
Market organization effects
Development of new financial intermediaries
Effects on government
Seniorage
Legal issues