Electronic devices for executing transactions in real time for applications such as transit systems and vending machines require safekeeping mechanisms for users. But how should customers who use low-cost devices with scarce storage securely perform transactions on systems with imperfect instantaneous processing power?
Rupp and colleagues offer cryptographic ideas for effectively preserving the privacy of customers who use devices with insufficient storage and processing time to carry out transactions in public transportation systems. Readers unfamiliar with the Diffie-Hellman key exchanges, the reliability of the discrete logarithm, the applications of zero-knowledge proofs, and Galois fields should browse the concepts of these security protocols in Trappe and Washington , prior to exploring the assumptions and proofs of the trustworthy algorithms for providing security in real-world application systems in this paper.
The authors present a privacy-preserving payment for public transportation system (P4TS) with voyage go-ahead voucher (VGAV), reimbursement estimation ticket (RET), and repayment token (RT) subsystems. The users in P4TS purchase tickets from an offline VGAV subsystem. The VGAV subsystem encodes the identification of each user on each ticket. Each user inserts a ticket into a reader at an access gate, applies a zero-knowledge proof to validate his/her identity to gain entrance into the P4TS, and receives a stamped RET that contains the date and time, reader identification, and message authentication code of the VGAV. At the exit gate, the user submits the RET and an RT to a reader. The reader computes the trip fare and transfers any balance to the RT for reimbursement at a vending machine.
Test results from the prototype implementation of the P4TS reveal that (1) the display of a VGAV and obtaining an RET can be efficiently executed on some devices; (2) the time to obtain a refund is more costly; and (3) buying trip tokens consumes more processing time due to the elliptic curve cryptography used in this project. Nevertheless, the performance of the P4TS has a constant runtime for all withdrawal and spending fares, as opposed to the linear time growth of the well-known Brands’s e-cash algorithm. Clearly, the paper presents reliable probabilistic algorithms and security protocols that enable users to enroll with the VGAV subsystem, use tokens, and receive accurate refunds from the P4TS. The authors provide convincing lemmas and formal proofs to illustrate the security of the VGAV, RET, and RT subsystems. I strongly encourage all database and user security experts to read and weigh in on the insightful and practical safekeeping ideas in this paper.