Anonymous internet banking

From Wikipedia, the free encyclopedia

Anonymous Internet Banking is the name given to the proposed use of strong financial cryptography to make electronic bank secrecy (or more precisely pseudonymous banking) possible. The bank issues currency in the form of electronic tokens that can be converted on presentation to the bank to some other currency. This concept has a long history in which free banking institutions have issued their own paper currency often backed by a physical commodity.

1 Concept
2 The underlying mathematics
3 See also
4 External links

[edit] Concept

Adam wishes to send Zelda the secret documents.
Adam requests a padlock from Zelda.
Zelda sends an open padlock to Adam, but keeps the key.
Adam padlocks the secret documents in a box and sends it to her.

[edit] The underlying mathematics

Anonymous internet banking depends on the mathematics of public key cryptography and blind signature algorithms. In this simple example we have Alice and Bob and a banker. The banker generates an RSA public key with modulus $n = P Q$ , where $P$ and $Q$ are large primes. As described in RSA operation, the bank also generates public key exponent $e$ and private key exponent $d$ .

Bob asks the banker for a $100 deposit slip in anticipation of Alice wanting to transfer money to him. To generate a deposit slip the bank selects a large, globally unique random number $R$ and encrypts it using the bank's public key; this means that it can only be decrypted with the bank's secret key:

$R' = R e (mod n)$

This encrypted value $R'$ is sent to Bob with the promise to deposit $100 into his account when Bob sends the value $R$ back to the bank. The bank is confident that Bob won't be able to break RSA to generate $R$ from $R'$ within the heat death of the universe without knowledge of $d$ , so it does not worry about handing out the deposit slips without receiving anything from Bob.

When Alice wants to pay Bob $100 she asks for the deposit slip and Bob sends her $R'$ . Alice selects a large random value $w$ and uses it to blind $R'' = w * R'$ and sends it to the bank to be blind signed. The Bank charges Alice $100 for this operation and returns the blind signed value $R'''$ . Due to the symmetric properties of RSA, this provides her with $R$ :

$\begin{align} R''' & = (w*R')^d \pmod n \\ & = (w*(R^e) \pmod n)^d \pmod n \\ & = w * ( R^{ed} \pmod n ) \\ & = w R \\ \end{align}$

Because of the blinding process, the Bank is not able to associate $R''$ with $R'$ or $R$ , so it is unable to determine that Bob and Alice are doing business together, preserving the anonymity of the transaction. Alice unblinds $R'''$ to generate the original value $R$ , which she sends to Bob.

Bob verifies that $R$ can be encrypted with the bank's public key by computing $R' = R e (mod n)$ , which means that Alice has deposited $100 into the bank. Bob then sends this value to the bank and the bank checks its records to be sure that $R$ has not been already used. If it has not, it deposits $100 into his account and updates its database that the unique value $R$ has been redeemed.

Different public keys can be used for different denominations of currency so this system doesn't take appreciably longer for large transactions.

Note that if neither Alice nor Bob wishes the bank to know that they performed a transaction with each other then it is hard for the bank to find out. However, in order to ensure this is the case many people need to be making transactions at the same time. Otherwise the bank can figure it out by the timing of the transactions, using traffic analysis.