Blinding of Credit Card Numbers in the SET Protocol

We present and analyze the cryptographic techniques used in the SET protocol to implement the blinding of credit card numbers in SET certificates. This blinding is essential to protect credit card numbers from eavesdroppers in the network, and even from some merchants, as required by SET. Without these measures, bulk credit card information could be easily collected, significantly increasing the risk and amount of credit card fraud. We first present the security requirements for this blinding operation, which include aspects of secrecy and fraud protection, then show a solution to the problem (implemented in SET) and analyze its security based on well-defined cryptographic assumptions. Interestingly, we show that the requirements for blinding in SET are equivalent to the requirements of non-interactive commitment schemes in cryptography. Thus, our solution for SET represents an efficient implementation of a commitment function and as such may be suitable for use in other practical contexts as well.