The Practical Problems of Implementing MicroMint

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2339)


Rivest and Shamir[2] proposed a system for generating micro-payment ‘coins’ using an engine that finds collisions in the output of a hash function. Such coins, they argued, would be quick to verify. Furthermore, by virtue of the birthday paradox, the cost of generation a large number of coins could be kept to an acceptable level through economies of scale while the cost of generating a small number of forgeries would be high compared to the return.

In this paper we examine the practicalities of building a MicroMint and we question some of the security statements made in the original paper.


Micro-payments electronic cash system engineering 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    J. Gillmore, editor. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. O’Reilly & Associates, 1998.Google Scholar
  2. 2.
    Ronald L. Rivest and Adi Shamir. Payword and micromint: Two simple micropayment schemes. (A preliminary version has appeared in CryptoBytes 3,1 (Spring 1996), pages 7–11. The full version is posted by Rivest on the Web.), 1995.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  1. 1.nCipher Plc.UK

Personalised recommendations