The security problems of Rivest and Shamir's PayWord scheme
暂无分享,去创建一个
The PayWord scheme was proposed by Rivest and Shamir for micropayments. This paper points out that it has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer's credit which the bank has guaranteed by issuing the certificate. In general, there are two positions of the bank with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer's purchases; and Position 2: the bank doesn't redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank.
[1] Stanislaw Jarecki,et al. An Efficient Micropayment System Based on Probabilistic Polling , 1997, Financial Cryptography.
[2] Adi Shamir,et al. PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.
[3] Ralph C. Merkle,et al. A Certified Digital Signature , 1989, CRYPTO.
[4] Martín Abadi,et al. The Millicent Protocol for Inexpensive Electronic Commerce , 1995, World Wide Web J..