Abstract
We present and analyze the cryptographic techniques used in the SET protocol to implement the blinding of credit card numbers in SET certificates. This blinding is essential to protect credit card numbers from eavesdroppers in the network, and even from some merchants, as required by SET. Without these measures, bulk credit card information could be easily collected thus significantly increasing the risk and amount of credit card fraud.
We first present the security requirements from this blinding operation, which include aspects of secrecy and fraud protection, then show a solu- tion to the problem (implemented in SET) and analyze its security based on well-defined cryptographic assumptions. Interestingly, we show that the requirements for blinding in SET are equivalent to the requirements of non-interactive commitment schemes in cryptography. Thus, our so- lution for SET represents an efficient implementation of a commitment function and as such may be suitable for use in other practical contexts as well.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellare, M., Canetti, R., and Krawczyk, H., “Keying Hash Functions for Message Authentication”, Advances in Cryptology-CRYPTO 96 Proceedings, Lecture Notes in Computer Science, Springer-Verlag Vol. 1109, N. Koblitz, ed, 1996, pp. 1–15.
Bellare, M., Canetti, R., and Krawczyk, H., “Pseudorandom Functions Revisited: The Cascade Construction”. Proc. of the 37th IEEE Symp. on Foundation of Computer Science, 1996, pp. 514–523.
M. Bellare, J. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner, “iKP-A Family of Secure Electronic Payment Protocols”, Proceedings of the First USENIX Workshop on Electronic Commerce, NY, July 1995, pp. 89–106.
Bellare, M., and Rogaway N., “Random Oracles are Practical: A Paradigm for Defining Efficient Protocols”, Proc. of the First ACM Conference on Computer and Communications Security, 1993, pp.62–73.
I.B. Damgard, T.P. Pedersen and B. Pfitzmann, “On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures”, Advances in Cryptology: CRYPTO’ 93, Lecture Notes in Computer Science, volume 773, Springer, New York, 1994. Pages 250–265.
O. Goldreich, S. Goldwasser and S. Micali, “How to construct random functions,” Journal of the ACM, Vol. 33, No. 4, 210–217, (1986).
Goldwasser, S., and S. Micali, “Probabilistic Encryption”, JCSS, Vol. 28, No. 2, 1984.
Halevi, S. and Micali, S., “Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing”, in Advances in Cryptography-CRYPTO’ 96, pages 201–215, 1996. Springer-Verlag.
Krawczyk, H., Bellare, M., and Canetti, R., “HMAC: Keyed-Hashing for Message Authentication”, RFC 2104, February 1997.
Naor, M., “Bit Commitment Using Randomness”, Journal of Cryptology, Vol. 2, pp. 151–158, 1991. (Preliminary version in Crypto’89.)
National Institute for Standards and Technology, “Digital Signature Standard (DSS) ”, Technical Report 169, August 30 1991.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Krawczyk, H. (1999). Blinding of Credit Card Numbers in the SET Protocol. In: Franklin, M. (eds) Financial Cryptography. FC 1999. Lecture Notes in Computer Science, vol 1648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48390-X_2
Download citation
DOI: https://doi.org/10.1007/3-540-48390-X_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66362-1
Online ISBN: 978-3-540-48390-8
eBook Packages: Springer Book Archive