Electronic Payment Systems
Electronic Payment Systems
• Transaction reconciliation– Cash or check
Electronic Payment Systems
– Intermediated reconciliation (credit or debit card, 3rd party money order)
Electronic Payment Systems
• Transactions in the U.S. economy
Type of Payment Volume (%) in Millions of Transactions Value (%) in Trillions of Dollars
Checks 59,400.0 (96.3%) 68.3 (12.5%)
Fedwire 69.7 (0.1%) 207.6 (37.9%)
CHIPS 42.4 (0.1%) 262.3 (47.9%)
ACH 2,200.0 (3.5%) 9.3 (1.7%)
Total 61,712.10 547.5
Electronic Payment Systems
• Online transaction systems– Lack of physical tokens
• Standard clearing methods won’t work
• Transaction reconciliation must be intermediated
– Informational tokens• Ecommerce enablers
– First Virtual Holdings, Inc. model
• Online payment systems (financial electronic data interchange)– Secure Electronic Transaction (SET) protocol supported by Visa and
MasterCard
• Digital currency
Electronic Payment Systems
– Digital currency• Non-intermediated transactions
• Anonymity
• Ecommerce benefits– Privacy preserving
– Minimizes transactions costs
– Micropayments
– Security issues with digital currency• Authenticity (non-counterfeiting)
• Double spending
• Non-refutability
Electronic Payment Systems
– Contemporary forms of digital currency• Ecash
– Set up account with ecash issuing bank
» Account backed by outside money (credit card or cash)
– Move credit from account to ecash mint
» Public key encryption used to validate coins: third parties can “bite” the coin electronically by asking the issuing bank to verify its encryption
– Spend ecoin at merchant site that accepts ecash
– Merchant then deposits ecoin in his account at his participating bank, or keeps it on hand to make change, or spends the ecash at a supplier merchant’s site.
• Role of encryption
Encryption
• The need for encryption in ecommerce– Degree of risk vs. scope of risk
– Institutional versus individual impact
– Obvious need for ecurrencies.
• Public key cryptography: an overview– One-way functions
– How it works• Parties to the transaction will be called Alice and Bob.
• Each participant has a public key, denoted PA and PB for Alice and Bob respectively, and a secret key, denoted SA and SB respectively
Encryption
• Each person publishes his or her public key, keeping the secret key secret.
• Let D be the set of permissible messages– Example: All finite length bit strings or strings of integers
• The public key is required to define a one-to-one mapping from the set D to itself (without this requirements, decryption of the message is ambiguous).
– Given a message M from Alice to Bob, Alice would encrypt this using Bob’s public key to generate the so-called cyphertext C=PB(M). Note that C is thus a permutation of the set D.
• The public and secret keys are inverses of each other– M=SB(PB(M))
– M=SA(PA(M))
• The encryption is secure as long as the functions defined by the public key are one-way functions
Encryption
• The RSA public key cryptosystem
– Finite groups
• Finite set of elements (integers)
• Operation that maps the set to itself (addition, multiplication)
• Example: Modular (clock) arithmetic
– Subgroups
• Any subset of a given group closed under the group operation
– Z2 (i.e. even integers) is a subgroup (under addition) of Z
• Subgroups can be generated by applying the operation to elements of the
group
• Example with mod 12 arithmetic (operation is addition)
Encryption
121 mod x
122 mod x
Encryption
123 mod x
124 mod x
Encryption
125 mod x
126 mod x
Encryption
127 mod x
128 mod x
Encryption
129 mod x
1210 mod x
Encryption
1211 mod x
Encryption
• A key result: Lagrange’s Theorem– If S’ is a subgroup of S, then the number of elements of S’ divides
the number of elements of S.
– Examples:
1212,
123,
124,
126,
125125
124124
123123
122122
ZZZZ
ZZZZ
ZZZZ
ZZZZ
Encryption
• Solving modular equations– RSA uses modular groups to transform messages (or blocks of
numbers representing components of messages) to encrypted form.– Ability to compute the inverse of a modular transformation allows
decryption.– Suppose x is a message, and our cyphertext is y=ax mod n for
some numbers a and n. To recover x from y, then, we need to be able to find a number b such that x=by mod n.
– When such a number exists, it is called the mod n inverse of a.– A key result: For any n>1, if a and n are relatively prime, then
the equation ax=b mod n has a unique solution modulo n.
Encryption
• In the RSA system, the actual encryption is done using exponentiation.
• A key result:
1mod
,01
pa
aZfor any aime, then If p is pr
rem ittle TheoFermat’s L
p
p
Encryption
• RSA technicals– Select 2 prime numbers p and q
– Let n=pq
– Select a small odd integer e relatively prime to (p-1)(q-1)
– Compute the modular inverse d of e, i.e. the solution to the equation
– Publish the pair P=(e,n) as the public key
– Keep secret the pair S=(d,n) as the secret key
11mod1 qpde
Encryption
– For this specification of the RSA system, the message domain is Zn
– Encryption of a message M in Zn is done by defining
– Decrypting the message is done by computing
nMMPC e mod)(
nCCS d mod
Encryption
– Let us verify that the RSA scheme does in fact define an invertible mapping of the message.
theorem.)s Fermat'applyingby follow stepslast (the
mod
mod
mod mod
Hence,.integer somefor
111
other each of inversesmodular are and Since
n. mod
any For
)1(
)1()1(
)1)(1(
MnMM
nMMM
nMMnM
k
qpked
ed
MMPSMSP
ZM
kq
qkp
qpked
ed
n
Encryption
– Note that the security of the encryption system rests on the fact that to compute the modular inverse of e, you need to know the number (p-1)(q-1), which requires knowledge of the factors p and q.
– Getting the factors p and q, in turn, requires being able to factor the large number n=pq. This is a computationally difficult problem.
– Some examples:
http://econ.gsia.cmu.edu/spear/rsa3.asp
Encryption
• Applications– Direct message encryption
– Digital Signatures• Use secret key to encrypt signature: S(Name)
• Appended signature to message and send to recipient
• Recipient decrypts signature using public key: P(S(Name)=Name
– Encrypted message and signature• Create digital signature as above, appended to message, encrypt
message using recipients public key
• Recipient uses own secret key to decrypt message, then uses senders public key to decrypt signature, thus verifying sender
Policy Issues
• Privacy and verification
• Transaction costs and micro-payments
• Monetary effects– Domestic money supply control and economic policy levers
– International currency exchanges and exchange rate stability
• Market organization effects– Development of new financial intermediaries
• Effects on government– Seniorage
– Legal issues
Top Related