PPay: Micropayments for Peer-to-Peer SystemsBeverly Yang Hector Garcia-Molina{byang, hector}@db.stanford.eduStanford UniversityABSTRACTEmerging economic P2P applications share the common need foran efficient, secure payment mechanism. In this paper, we presentPPay, a micropayment system that exploits unique characteristicsof P2P systems to maximize efficiency while maintaining securityproperties. We show how the basic PPay protocol far outperformsexisting micropayment schemes, while guaranteeing that all coinfraud is detectable, traceable and unprofitable. We also presentand analyze several extensions to PPay that further improve effi-ciency.Categories and Subject DescriptorsC.2.4 [Computer-Communication Netw orks]: DistributedSystems—Distributed ApplicationsKeywordsEconomics, Security, Design, PerformanceGeneral Termspeer-to-peer, micropayments1. INTRODUCTIONIn recent years, peer-to-peer (P2P) applications have emergedas a popular way to share huge amounts of data, computecycles, knowledge/expertise, and other resources. For ex-ample, as of April 30 2003, the KaZaA [9] multimedia filesharing application reported over 4.5 million users sharinga total of 7 petabytes of data. The reason P2P systemscan achieve such scale is their ability to pool together andharness large amounts of resources at the “edge” of the net-work (i.e., at the peers), rather than relying on expensivecentralized resources.Recently, the “killer” application of free multimedia filesharing has come under legal fire from the recording indus-try. As a result, new P2P applications are emerging, such aspay-per-transfer file sharing systems, Grid-style computingPermission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee pro vided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistrib ute to lists, requires prior specificpermission and/or a fee.CCS’03, October 27–31, 2003, Was hington, DC, U SA.Copyright 2003 ACM 1-58113-738-9/03/0010 ...$5.00.systems, web service catalogs/service discovery, data stor-age/archival systems, etc. The goal of these new applica-tions are for the rightful owners of goods or services to becompensated; therefore they all share a common need: an ef-ficient and secure micropayment mechanism, by which peerscan purchase services from one another.The problem with most existing micropayment schemes isthe heavy load on the trusted, centralized broker. A brokeris required to handle accounts, distribute and cash coins,provide security (such as double-spending detection), etc.Although payments need not be online, eventually the bro-ker must take some action for every transaction; as a result,broker load is always O(n) in the number of transactions.Brokers therefore present a scalability and performance bot-tleneck for any system using these micropayment schemes.However, P2P applications have two main characteristicsthat we can exploit to address the above problem:• First, peers serve as both vendors, who sell goods, andbuyers, who purchase them. As a result, a transferablecoin can be used in many transactions before the brokermust be involved in cashing it.• Second, and more importantly, are the massive resourcesavailable at the peers themselves. Like other P2P appli-cations, if we can tap into this pool of resources and shedthe broker’s load onto the peers, we can build a micro-payment scheme with much better scalability and perfor-mance properties than existing ones.The main challenge in exploiting the above two points isto ensure that the security properties of the scheme are notcompromised. For example, transferable coins delay the de-tection of coin fraud, and we now want operations normallydone by the trusted broker to be performed by untrustedpeers.In this paper, we present PPay1, a micropayment schemethat addresses the dual problem of improving performancewhile maintaining security. PPay only requires broker in-volvement when peers open or close accounts, for arbitra-tion, and in limited cases, to perform services on behalf ofoffline peers. We show that under realistic application sce-narios, PPay significantly outperforms existing schemes interms of broker load. At the same time, however, PPayguarantees that all fraud is detectable and traceable. Ourcontributions are as follows:• We present (Section 3) the basic PPay protocol for float-ing, self-managed coins.• We show (Section 4) how the necessary security propertieshold.1“PPay” is short for PeerPay300• We describe (Section 5) several extensions to the basicprotocol that greatly improve system performance.• We present a detailed performance analysis (Section 6),using simulations to (1) show PPay outperforms existingmicropayment schemes in our target application scenario(Section 7.1), (2) determine the special cases in whichPPay is not better, and (3) show how to tune the per-formance of PPay by setting the appropriate parametervalues for our extensions (Section 7.2).We believe that our performance analysis is unique in thisfield, where most schemes are proposed and only qualita-tively analyzed.Preliminaries. One very important point to keep in mindis that micropayments are payments of a small amount.Therefore, (1) utmost security is not required, and (2) thepayment mechanism must be lightweight, otherwise the costof the scheme will outweigh the value of the payment. Areal-world analogy to vending machines is illustrative. Be-cause the goods are low-cost, it is not profitable to hire anemployee to attend the machine. As a consequence, candybars may be stolen, or clients may receive low-quality, stalecandy. Likewise, most micropayment schemes (all schemesknown to the authors) do not guarantee fair exchange ofgoods and payment. An escrow service (e.g., [8]) would maketransactions more expensive than the value of the goods.Therefore, the main disincentive for cheating is that a baduser will be shunned, and will not be able to carry on busi-ness in the future.Furthermore, because payments are offline, coin fraud (e.g.,using a counterfeit coin in a vending machine) may notbe discovered until after the fact. However, offline pay-ments are preferred from a practical standpoint because theyhave lower latency, communication costs and computationalcosts. Naturally, large-scale fraud needs to
View Full Document
Unlocking...