For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Solutions to Security Problems of Rivest and Shamir's PayWord Scheme
Norio ADACHI Satoshi AOKI Yuichi KOMANO Kazuo OHTA
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2005/01/01
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
micropayment, PayWord Scheme, digital signature, hash chain,
Full Text: PDF(241.6KB)>>
The PayWord Scheme, invented by Rivest and Shamir, is an efficient micropayment scheme utilizing a hash function. We point out that the scheme has the following problem: a malicious customer can damage the bank by purchasing in excess of the customer's credit which the bank has guaranteed by issuing a certificate. Generally, there are two positions of the bank with regard to the certificate. Position 1: the bank takes full responsibility for the certificate and compensates all payments created by the customer's purchases; and Position 2: the bank does not redeem payments exceeding a limit set for the customer and shares the loss with the shop if trouble occurs. In the PayWord Scheme, the bank can reduce its risk by adopting Position 2 rather than Position 1. However, this paper points out that the bank can damage the shop in Position 2 by impersonating an imaginary customer and making the shop share the loss with the bank. We propose a micropayment scheme (countermeasure) that overcomes these problems.