Cryptographic Theory Meets Practice: Efficient and Privacy-Preserving Payments for Public Transport

Q Engineering
Andy Rupp, Foteini Baldimtsi, Gesine Hinterwälder, C. Paar
{"title":"Cryptographic Theory Meets Practice: Efficient and Privacy-Preserving Payments for Public Transport","authors":"Andy Rupp, Foteini Baldimtsi, Gesine Hinterwälder, C. Paar","doi":"10.1145/2699904","DOIUrl":null,"url":null,"abstract":"We propose a new lightweight cryptographic payment scheme for transit systems, called P4R (Privacy-Preserving Pre-Payments with Refunds), which is suitable for low-cost user devices with limited capabilities. Using P4R, users deposit money to obtain one-show credentials, where each credential allows the user to make an arbitrary ride on the system. The trip fare is determined on-the-fly at the end of the trip. If the deposit for the credential exceeds this fare, the user obtains a refund. Refund values collected over several trips are aggregated in a single token, thereby saving memory and increasing privacy. Our solution builds on Brands’s e-cash scheme to realize the prepayment system and on Boneh-Lynn-Shacham (BLS) signatures to implement the refund capabilities. Compared to a Brands-only solution for transportation payment systems, P4R allows us to minimize the number of coins a user needs to pay for his rides and thus minimizes the number of expensive withdrawal transactions, as well as storage requirements for the fairly large coins. Moreover, P4R enables flexible pricing because it allows for exact payments of arbitrary amounts (within a certain range) using a single fast paying (and refund) transaction. Fortunately, the mechanisms enabling these features require very little computational overhead. Choosing contemporary security parameters, we implemented P4R on a prototyping payment device and show its suitability for future transit payment systems. Estimation results demonstrate that the data required for 20 rides consume less than 10KB of memory, and the payment and refund transactions during a ride take less than half a second. We show that malicious users are not able to cheat the system by receiving a refund that exceeds the overall deposit minus the overall fare and can be identified during double-spending checks. At the same time, the system protects the privacy of honest users in that transactions are anonymous (except for deposits) and trips are unlinkable.","PeriodicalId":50912,"journal":{"name":"ACM Transactions on Information and System Security","volume":"3 1","pages":"10:1-10:31"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1145/2699904","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Information and System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2699904","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 19

Abstract

We propose a new lightweight cryptographic payment scheme for transit systems, called P4R (Privacy-Preserving Pre-Payments with Refunds), which is suitable for low-cost user devices with limited capabilities. Using P4R, users deposit money to obtain one-show credentials, where each credential allows the user to make an arbitrary ride on the system. The trip fare is determined on-the-fly at the end of the trip. If the deposit for the credential exceeds this fare, the user obtains a refund. Refund values collected over several trips are aggregated in a single token, thereby saving memory and increasing privacy. Our solution builds on Brands’s e-cash scheme to realize the prepayment system and on Boneh-Lynn-Shacham (BLS) signatures to implement the refund capabilities. Compared to a Brands-only solution for transportation payment systems, P4R allows us to minimize the number of coins a user needs to pay for his rides and thus minimizes the number of expensive withdrawal transactions, as well as storage requirements for the fairly large coins. Moreover, P4R enables flexible pricing because it allows for exact payments of arbitrary amounts (within a certain range) using a single fast paying (and refund) transaction. Fortunately, the mechanisms enabling these features require very little computational overhead. Choosing contemporary security parameters, we implemented P4R on a prototyping payment device and show its suitability for future transit payment systems. Estimation results demonstrate that the data required for 20 rides consume less than 10KB of memory, and the payment and refund transactions during a ride take less than half a second. We show that malicious users are not able to cheat the system by receiving a refund that exceeds the overall deposit minus the overall fare and can be identified during double-spending checks. At the same time, the system protects the privacy of honest users in that transactions are anonymous (except for deposits) and trips are unlinkable.
密码学理论与实践:公共交通的高效和隐私保护支付
我们为交通系统提出了一种新的轻量级加密支付方案,称为P4R (Privacy-Preserving prepayments with re退款),它适用于功能有限的低成本用户设备。使用P4R,用户可以存入资金来获得一次显示凭证,其中每个凭证都允许用户在系统上任意使用。旅行费用在旅行结束时当场确定。如果凭据的押金超过这个费用,用户将获得退款。在几次旅行中收集的退款值汇总在一个令牌中,从而节省内存并增加隐私。我们的解决方案基于Brands的电子现金方案来实现预付款系统,并基于Boneh-Lynn-Shacham (BLS)签名来实现退款功能。与运输支付系统的纯品牌解决方案相比,P4R允许我们最大限度地减少用户需要支付的硬币数量,从而最大限度地减少昂贵的提款交易数量,以及对相当大的硬币的存储要求。此外,P4R支持灵活的定价,因为它允许使用单个快速支付(和退款)交易来精确支付任意金额(在一定范围内)。幸运的是,启用这些特性的机制只需要很少的计算开销。选择当代安全参数,我们在原型支付设备上实现了P4R,并展示了其对未来过境支付系统的适用性。估计结果表明,20次骑行所需的数据消耗的内存不到10KB,骑行期间的支付和退款事务花费的时间不到半秒。我们表明,恶意用户无法通过收到超过总押金减去总票价的退款来欺骗系统,并且可以在双重支出检查中识别。同时,该系统保护了诚实用户的隐私,因为交易是匿名的(存款除外),旅行是不可链接的。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACM Transactions on Information and System Security
ACM Transactions on Information and System Security 工程技术-计算机:信息系统
CiteScore
4.50
自引率
0.00%
发文量
0
审稿时长
3.3 months
期刊介绍: ISSEC is a scholarly, scientific journal that publishes original research papers in all areas of information and system security, including technologies, systems, applications, and policies.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信