Anonymous Internet banking

(Redirected from Anonymous internet banking)

Anonymous Internet banking is the proposed use of strong financial cryptography to make electronic bank secrecy (or more precisely pseudonymous banking) possible. The bank issues currency in the form of electronic tokens that can be converted on presentation to the bank to some other currency. This concept has a long history in which free banking institutions have issued their own paper currency often backed by a physical commodity.

History

While the academic study of trust relationships and systems has long been the domain of intelligence services such as the NSA, the growth of the Internet in the 1990s and the contemporary declassification of related knowledge allowed for greater public discussion of the potential for anonymous banking services by groups such as the cryptoanarchists and cypherpunks.

Example system implementations

For a full list see list of anonymous internet banking systems

The underlying mathematics

Anonymous internet banking depends on the mathematics of public key cryptography and blind signature algorithms. In this simple example we have Alice and Bob and a banker. The banker generates an RSA public key with modulus $n= P Q$, where $P$ and $Q$ are large primes, making $n$ a semiprime. As described in RSA operation, the bank also generates public key exponent $e$ and private key exponent $d$.

Bob asks the banker for a $100 deposit slip in anticipation of Alice wanting to transfer money to him. To generate a deposit slip the bank selects a large, globally unique random number $R$ and encrypts it using the bank's public key; this means that it can only be decrypted with the bank's secret key: $R' = R^e\pmod n$ This encrypted value $R'$ is sent to Bob with the promise to deposit$100 into his account when Bob sends the value $R$ back to the bank. The bank is confident that Bob won't be able to break RSA to generate $R$ from $R'$ within the heat death of the universe without knowledge of $d$, so it does not worry about handing out the deposit slips without receiving anything from Bob.

When Alice wants to pay Bob $100 she asks for the deposit slip and Bob sends her $R'$. Alice selects a large random value $w$ coprime with $n$ (so as to have an inverse modulo $n$) and uses it to blind $R''=w^e*R'$ and sends it to the bank to be blind signed. The Bank charges Alice$100 for this operation and returns the blind signed value $R'''$. Due to the symmetric properties of RSA, this provides her with $R$:

\begin{align} R''' & = (w^e*R')^d \pmod n \\ & = (w^e*R^e)^d \pmod n \\ & = (w*R)^{ed} \pmod n \\ & = w * R \pmod n\\ \end{align}

Because of the blinding process, the Bank is not able to associate $R''$ or $R'''$ with $R'$ or $R$. The only possible way for the bank to do this is to trial divide $R''$ by all the values of $R'$ that it gave out or $R'''$ by all values of $R$. This means is unable to determine that Bob and Alice are doing business together, preserving the anonymity of the transaction. Alice unblinds $R'''$ (by dividing it by $w$) to generate the original value $R$, which she sends to Bob. Bob verifies that $R$ can be encrypted with the bank's public key by computing $R' = R^e \pmod n$, which means that Alice has deposited $100 into the bank. Bob then sends this value to the bank and the bank checks its records to be sure that $R$ has not been already used. If it has not, it deposits$100 into his account and updates its database that the unique value $R$ has been redeemed.

Different public keys can be used for different denominations of currency so this system doesn't take appreciably longer for large transactions.

Note that if neither Alice nor Bob wishes the bank to know that they performed a transaction with each other, then it is hard for the bank to find out. However, in order to ensure this is the case many people need to be making transactions at the same time. Otherwise the bank can figure it out by the timing of the transactions, using traffic analysis.