C. Jutla, M. Yung, Paytree: amortized signature for flexible micropayments, in: Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX, 1996.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....6.5 Related Work The use of Merkle hash trees for authentication of data is not new. This work is most closely related to the work of Naor Nissim [20] for revocation. Haber and Stronetta [13] use similar techniques for timestamping. Similar schemes have also been used for micro payments [23]. All these schemes (including ours) share a common theme of leveraging the trust provided by a few digital signatures from a trusted party over multiple hashes, hash paths or hash trees, with the goal of protecting the integrity of the content, with e#cient verification, since hashes are more ....

S. Charanjit and M. Yung. Paytree: Amortized Signature for Flexible Micropayments. In Proceedings of the Second Usenix Workshop on Electronic Commerce, 1996.

....be selected independently (via a keyed pseudo random number generator) The leaves of the tree may either be used one by one, or many at the same time. The former type of use is well suited for applications such as TESLA [10] certification refreshal [9] wireless security [2] and micro payments [4, 12], while the latter type finds direct use for Merkle signatures [8, 5] This partition of applications also corresponds to the birth of the techniques we describe; while the second and third author were motivated by the case relating to Merkle signatures, the first and fourth author focused on the ....

C. Jutla and M. Yung, "PayTree: amortized-signature for flexible micropayments, " 2nd USENIX Workshop on Electronic Commerce, pp. 213--221, 1996.

....the consumer buys repeatedly from the same merchant (and usually for the same amounts) Proposals based on hash chains include PayWord [RS96] micro iKP [HSW96] and others. Some variants use the natural extension of the hash chain idea into a hash tree, for improved performance and flexibility [JM96]. o MicroMint [RS96] This scheme is unique in requiring the PSP to perform a hard cryptographic operation, i.e. an operation which is assumed to required huge computational resources, but is easy to verify. This is justified by performing many such operations together, which is ....

C. Jutla, M. Yung, "Paytree: amortized signature for flexible micropayments", In 2nd USENIX Workshop on electronic commerce, 1996, pp. 213--221.

....with respect to their freshness policies. 6.5 Related Work The use of Merkle hash trees for authentication of data is not new. This work is most closely related to the work of Naor Nissim [13] for revocation. Haber and Stronetta [7] use similar techniques for timestamping. Similar schemes [16] have also been used for micropayments. All these schemes (including ours) share a common theme of leveraging the trust provided by a few digital signatures from a trusted party over multiple hashes, hash paths or hash trees, with the goal of protecting the integrity of the content, with e#cient ....

S. Charanjit and M. Yung. Paytree: Amortized Signature for flexible micropayments Second Usenix Workshop on Electronic Commerce Proceedings, 1996

....to be authenticated. The other two signatures are used to sign new right and left children nodes as required. This allows the tree to be extended indefinitely at the cost of greatly increased storage and the need to check all signatures on the authentication path. Jutla and Yung based the PayTree [JY96] micropayment scheme on Merkle s first authentication tree. In PayTree each leaf of the authentication tree becomes the anchor of a normal hash chain, as illustrated in Figure 3 5. The root of the tree is signed with an asymmetric digital signature by a broker. Since the anchor of each hash chain ....

C. Jutla and M. Yung. PayTree: amortized-signature for flexible micropayments. In Proceedings of the 2 nd USENIX Workshop on Electronic Commerce, pp.213-21, Oakland, California, November 1996.

....Chaum, Fiat and Naor ( 7] also see [9] research contributions have tended either to introduce new features into existing payment paradigms or to address stronger attack models. Among the new features recently introduced are o line payments [2, 3, 14] divisibility [27, 20] and micro payments [17, 18, 23, 25, 28, 33]. Examples of stronger attack models or improved protection against attacks include tamper resistance [10] provable security against forgery [24] fairness [19] probabilistic on line veri cation [23, 37] and revocable anonymity [4, 5, 6, 12, 15, 16, 20, 21, 22, 26, 30, 31, 32, 34, 36] In all ....

C. Jutla and M. Yung, "Paytree: 'Amortized Signature' for Flexible Micropayments, " 2nd USENIX Workshop on Electronic Commerce, November 1996.

....systems use online checking (thus negating the off line operation capability) Others rely on detection after the fact, which introduces the potential for large scale simultaneous multiple spending. The same drawback is manifest in several micropayment procotols, such as PayWord [RS] PayTree [JY96] micro iKP [HSW96] and others [Tan95] While the double spending possibility is an inherent property of all such systems, none of the above protocols employ any kind of risk management scheme to address it. NetCents [PHS98] and Millicent [Man95] are scrip based off line friendly micropayment ....

C. Jutla and M Yung. Paytree: amortized signature for flexible micropayments. In Proceedings of the Second USENIX Workshop on Electronic Commerce. USENIX, 1996.

....Chaum, Fiat and Naor ( 7] also see [9] research contributions have tended either to introduce new features into existing payment paradigms or to address stronger attack models. Among the new features recently introduced are off line payments [2, 3, 14] divisibility [27, 20] and micro payments [17, 18, 23, 25, 28, 33]. Examples of stronger attack models or improved protection against attacks include tamper resistance [10] provable security against forgery [24] fairness [19] probabilistic on line verification [23, 37] and revocable anonymity [4, 5, 6, 12, 15, 16, 20, 21, 22, 26, 30, 31, 32, 34, 36] In all ....

C. Jutla and M. Yung, "Paytree: 'Amortized Signature' for Flexible Micropayments, " 2nd USENIX Workshop on Electronic Commerce, November 1996.

.... flexibility and convertibility requirements put forth in [61] Our system is easily extendible to include practical functions like coin divisibility (the ability to spend any fraction of a coin and save the rest for later payments, check payments, credit card payments, micropayments (e.g. [42, 52, 53, 71, 80]) and a fair exchange [46] ensuring that neither the payer nor the payee cheats each other) Similarly, we can allow certain coins to be eligible for deposit only after certain triggering events have occurred (e.g. implementing surety bonds [54] These expansions in terms of functionality are ....

....or just of a time dependent type. An example of the former type would be if Alice cannot pay her rent, then this check can be used for that purpose, and an example of the latter is this coin cannot be cashed until July 7th. II.F. 5 Micro payments Micro payments can be implemented (as in [53, 71]) by using the last hash value in a chain of such values as a challenge; later, the spender can gradually pay by sending over hash preimages to the merchant. Since our scheme is relatively light weight, it is well suited to implement anonymous micro payments. II.F.6 Negotiable Anonymity ....

C. Jutla and M. Yung, "Paytree: `amortized signature' for flexible micropayments," 2nd USENIX Workshop on Electronic Commerce, November 1996.

....each coin to be stored by its owner. Moreover, our scheme is contrasted to Simon s, which, by not using signatures, limits computational costs, but at the same time also reduces the functionality of the resulting scheme. Technically, our work bears some resemblance to micro payment schemes (e.g. [20, 21, 29, 35]) These allow a user to spend a coin representation in small steps by sending the merchant transcripts that are computed as incremental hashes of a seed. Similarly, we maintain low storage costs for user devices by letting these store only a seed and counters, from which payment transcripts can ....

C. Jutla and M. Yung, "Paytree: `amortized signature' for flexible micropayments, " 2nd USENIX Workshop on Electronic Commerce, November 1996.

....with partially trusted publishers, or quorums. Related Work. The use of Merkle hash trees for authentication of data is not new. This work is most closely related to the work of Naor Nissim [15] for revocation. Haber and Stronetta [9] use similar techniques for timestamping. Similar schemes [18] have also been used for micropayments. All these schemes (including ours) share a common theme of leveraging the trust provided by a few digital signatures from a trusted party over multiple hashes, hash paths or hash trees, with the goal of protecting the integrity of the content, with e#cient ....

S. Charanjit and M. Yung. Paytree: Amortized Signature for flexible micropayments Second Usenix Workshop on Electronic Commerce Proceedings, 1996

....with respect to their freshness policies. 6.5 Related Work The use of Merkle hash trees for authentication of data is not new. This work is most closely related to the work of Naor Nissim [13] for revocation. Haber and Stronetta [7] use similar techniques for timestamping. Similar schemes [16] have also been used for micropayments. All these schemes (including ours) share a common theme of leveraging the trust provided by a few digital signatures from a trusted party over multiple hashes, hash paths or hash trees, with the goal of protecting the integrity of the content, with e#cient ....

S. Charanjit and M. Yung. Paytree: Amortized Signature for flexible micropayments Second Usenix Workshop on Electronic Commerce Proceedings, 1996

....Of course this solution requires brokers who must be trusted, and who should have agreements with vendors. Another coupon based family of (similar to each other) solutions is Rivest and Shamir s PayWord, 27] Anderson s NetCard [1] Pederson s at. al. scheme [23] Jutla and Yung PayTree [22] and Hauser at. al micro iKP [15] The top level idea of all this schemes is basically one of Lamport s [17] also used for S key [14] and it is as follows: take a one way permutation f (or a hash function or a one way function which is one way on its iterates) pick a random input x, and ....

....a single micro payment. The user, when he wishes to make a payment to the Vendor, gives y (with appropriate banks public key authentication of y this is a one time setup operation) to the Vendor, but then for each subsequent payment just gives the next inverse in the above chain. Jutla and Yung [22] generalize this chains to trees in a natural way. The drawback of all this schemes is double spending, where to combat this the two approaches being taken are either to check on line (which is expensive) or to black list users (which is somewhat expensive too, and may not be sufficient if user s ....

[Article contains additional citation context not shown here]

C. Jutla and M. Yung "Paytree: amortized signature for flexible micropayments " In Second USENIX workshop on Electronic Commerce, November 1996.

....some of these applications in this section. 7. 1 Micropayment schemes Our fair exchange protocol can be easily integrated with payment schemes in which payment is made by the customer revealing the input that produces a known output from a one way function, such as in PayWord [RS95] or PayTree [JY96]) This allows for fair purchase of a digital document with a PayWord coin, or for the fair exchange of two PayWord coins. In such uses, the vendor receiving the PayWord coin would not even require an independent appraisal of the hash value prior to the exchange, as the prior digital ....

C. Jutla and M. Yung. PayTree: Amortizedsignature for flexible micropayments. In Proceedings of the Second USENIX Workshop on Electronic Commerce, pages 213--221, 1996.

....that the number of verification nodes needed for a given day depends only on the number of users revoked the previous day and not on all of the users revoked thus far. For the first modification we replace each chain of tokens of length 365 with a hash tree of depth 2 Delta 365, analogous to [8, 5]. The root value of the hash tree becomes the 0 token. There is one such hash tree and 0 token associated with every node in the labelled tree of N elements. On day i, for each node v in the day i verification set, the CA gives the log(2 Delta 365) 1 hash values needed to compute the path from ....

C. Jutla and M. Yung "Paytree: amortized signature for flexible micropayments " In Second USENIX workshop on Electronic Commerce, November 1996.

....micropayment schemes have been studied extensively. The idea of using hash chains to reduce the number of signature generations was independently discovered by a number of groups. These include PayWord [21] Pederson s tick payments [19] micro iKP [12] and NetCard [2] Jutla and Yung [14] study a variation where hash trees are used rather than chains. Hash chains are based on a technique due to Lamport [15] Since we wish to focus on the PalmPilot (user) to vendor interaction (rather than vendor to bank) we allow the bank and vendor to reside on the same machine. This tight ....

C. Jutla, M. Yung, "Paytree: amortized signature for flexible micropayments", In 2nd USENIX Workshop on electronic commerce, 1996, pp. 213--221.

No context found.

C. Jutla, M. Yung, Paytree: amortized signature for flexible micropayments, in: Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX, 1996.

No context found.

C. Jutla, M. Yung, Paytree: amortized signature for flexible micropayments, in: Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX, 1996.

No context found.

Jutla, C., Yung, M.: Paytree: amortized signature for flexible micropayments. In: Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX (1996)

No context found.

Jutla, C., Yung, M.: Paytree: amortized signature for flexible micropayments. In: Proceedings of the Second USENIX Workshop on Electronic Commerce, USENIX (1996)

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC