Silvio Micali, "Universal Payment System"
Transcript of Silvio Micali, "Universal Payment System"
Universal Payment Systems
Silvio Micali, Ron Rivest
History of Money
• Barter
? No thanks! No thanks!
• Gold bars
• Coins (Lydians, 640 B.C.)
• Checks
Silvio $1M Now! Yandex seminar
• Credit cards
… (abridged)
Micali & Rivest’s Universal Cash
Why Universal Cash? Because
• $Ts in Cash Payments < $5
• Must be convenient, electronic, and secure in all applications
• Must enable all payments
• Must work with all merchants
What and Where
• Web download
– Music (even streaming)
• Mobile phone
– Map
– Ringtones
• Physical POS
– Vending machine
In your phone, everywhere
Challenges
• Processing Cost
• Customer Care
Typical processing fee: > $0.10 + 2.5%
“Live” customer service: $5 to $10 per incident
Chargeback fees: $15 to $30 per incident
HOW?
• Aggregation
• + ease of use, etc. etc. etc.
many Micro ⇒ 1 Macro
many Small ⇒ 1 Big
1st APPROACH: No Aggregation
[Diagram: Alice, Bill, Bank 1, Bank 2]
Costly!
Costly Example 1: Electronic Checks
SIG_Alice(I will pay $1 to E-Tunes; date: November 14, 2012)
(Much More) Costly Example 2: Chaum’s Digital Cash
2nd APPROACH: Single-Merchant Aggregation
[Diagram: Alice, Bill, Bank 1, Bank 2]
Limited usefulness!
Example 1: PayWord
Example 2: Millicent
RIGHT APPROACH: Universal Aggregation
Payments aggregated from ALL consumers, ALL merchants, ALL PSPs in any combination.
Dramatically reduces processing cost, independent of spending patterns!
MR Technology
• Bank processes only 1 out of 100 payments (on average)
• Process is FAIR to all parties
• NO INTERACTION, Great Efficiency
• Cures the common cold, Etc.
Reduces Cost by a factor of 10, 20, 100, … x
Generic Payment Framework
[Diagram: Consumer, Merchant, Consumer PSP, Merchant PSP, processor; labels: Payment(s), Authorization, Deposit(s), Settlement & Billing]
Simplifying:
User U, Merchant M, Bank B
MR Solution (High-Level)
99/100: disappears
We determine:
• Which payments are processed
• How users get charged
So that:
• User, merchant and bank cannot cheat
• Fair to user always (never overcharged)
• Fair to merchant and bank on average
If true: 100 Transactions at Cost of 1
BANK OFFLINE
1/100: $10
HOW?
99/100: Ignore it
1/100: In Heaven…
Let us make Heaven on Earth!
“10 cents”
$10
Spent so far
0th Method
Physical Solution Warm Up: Scratch-and-win checks
(Then Digital Methods)
Look at me (no slides for this)
Digital Signatures = (Gen, Sig, Ver)
Gen → PK (public verification key), SK (secret signing key)
Sig: SK, m → s
Ver: PK, m, s′ → Yes / No
Fast algorithms
Sig(m) unpredictable without SK
Ingredients
1. Digital Signatures
• Generate SK, PK
• Keep secret SK and Publicize PK
• Only you can sign your own messages
• Everyone can verify your signatures
SK
2. Smart Card
1st Method
SIG = Dig. Sig. = secret & unpredictable function
$.10 fixed!
U (Cert_U, SK_U), M
Cert_U, S_U = SIG_U(j, T)
SIG_M(S_U) = …XY = S_M; XY = 00?
99/100
1/100: S_U, S_M → Verify, Pay $10, Debit j dimes, or (Revoke, Refuse & Prove why not)
T = transaction = (U, M, B, item, $, time, …)
j = U’s check serial number: 1, 2, 3, …
1st Method: Action!
U (Cert_U, SK_U), M1, B
Cert_U, S1_U = SIG_U(1, T1)
SIG_M1(S1_U) = …72 = S_M1; 72 = 00?
1st Method: Action!
U (Cert_U, SK_U), M2
Cert_U, S2_U = SIG_U(2, T2)
SIG_M2(S2_U) = …31 = S_M2; 31 = 00?
1st Method: Action!
U (Cert_U, SK_U), M120
Cert_U, S120_U = SIG_U(120, T120)
SIG_M120(S120_U) = …00 = S_M120; 00 = 00?
S120_U, S_M120 → B: Verify, Pay $10, Debit j dimes, or (Revoke, Refuse & Prove why not)
MR at a glance
• Aggregation: Universal
• User-fairness: Fair
• Customer Care: Automatic
• PSP involvement: Off-line
• Computation: Local
• Interaction: None (e.g. anti-spam, routing)
• Ease of Use: Transparent (to user)
• Anonymity: 99% (For Free!)
Details
• Variable-Size Payments
• Revenue Variance
• Fraud Prevention
• Optimizations
• Security
Variable-sized payments
• To make micropayment of size m:
– Chance of “winning” becomes m / M, where M is the macropayment size.
Example 1: A $1 payment converts to a $10 macropayment with probability 1/10.
Example 2: A one-cent payment converts to a $10 macropayment with probability 1/1000.
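The 1st Method's selection rule, generalized to the variable-size rule above (payable with probability m / M instead of "last two digits are 00"), as an added Python example that is not from the talk. HMAC-SHA256 stands in for the deterministic signatures SIG_U and SIG_M, the keys and transaction strings are constructed, and debiting by the serial-number difference since the last payable check is an assumption about how "Debit j dimes" applies across repeated selections.

```python
import hashlib
import hmac

MACRO_CENTS = 1000  # $10 macropayment, as on the slides


def sig(key: bytes, msg: bytes) -> bytes:
    """Stand-in for a deterministic signature (assumption: HMAC-SHA256).
    A real scheme needs publicly verifiable signatures so B can check them."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def user_check(sk_u: bytes, serial: int, tx: str) -> bytes:
    """S_U = SIG_U(j, T): the user's check with serial number j."""
    return sig(sk_u, f"{serial}|{tx}".encode())


def is_payable(sk_m: bytes, s_u: bytes, micro_cents: int) -> bool:
    """Merchant computes S_M = SIG_M(S_U); payable with probability m / M."""
    s_m = int.from_bytes(sig(sk_m, s_u), "big")
    # Test s_m / 2^256 < m / M in integers to avoid rounding.
    return (s_m * MACRO_CENTS) < (micro_cents << 256)


def simulate(n_checks: int, micro_cents: int = 10) -> dict:
    """Run n fixed-size micropayments from one user U to one merchant M."""
    sk_u, sk_m = b"constructed-user-key", b"constructed-merchant-key"
    selected = paid = debited = last_serial = 0
    for j in range(1, n_checks + 1):
        s_u = user_check(sk_u, j, f"U->M item#{j} {micro_cents}c")
        if is_payable(sk_m, s_u, micro_cents):
            selected += 1
            paid += MACRO_CENTS  # bank pays the merchant one macropayment
            # User is debited only for checks actually written since the
            # last payable one, so the total never exceeds what was spent.
            debited += (j - last_serial) * micro_cents
            last_serial = j
    return {"selected": selected, "merchant_paid": paid,
            "user_debited": debited, "user_spent": n_checks * micro_cents}


if __name__ == "__main__":
    print(simulate(20000))
```

Because the merchant's value is a deterministic function of S_U, the merchant cannot re-roll a losing check, and the user cannot predict the outcome without the merchant's key.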
Revenue variance
• Theorem. If Peppercoin reduces merchant fees by a fraction R of the transaction value, then the merchant is ahead (with probability 999,999/1,000,000) after only (5/R)^2 macropayments have been received.
Example: micro = 0.10, macro = $10, other fee = 0.03, Peppercoin fee = 0.01, R = 0.20, (5/R)^2 = 625 macropayments or $6250 total value.
Fraud Prevention
• U
• M
• B
• M&B
• U&B
• U&M Careful!
Countermeasures
Secure hardware
Queue: macropayment to M only from revenue from that U
Optimization
• “Pay Merchant $10 if the two low-order digits of the hash of Merchant’s digital signature of the date of this check are 75.”
• I.e., Merchant signs once a day.
Security
Q: Digital Signatures are unpredictable, but are they RANDOM???
Heuristics: You can make them very random
Thm: There are provably secure implementations
Silvio .
In Sum
Universal, Secure, Electronic, Non-Interactive, Highly Efficient, Micro-to-Macro Payment System
Thank You!
Macropayments only
MIT (US-only) patent pending