Micropayments
Presented by Anthony Wood
To CRAB, March 2, 2004
Some Quotes
 “Micropayment technology in and of itself is about as
interesting as new and improved dish soap.” Mike
Gaynor, founder of RedPaper
 “Users should be willing to pay, say, one cent per Web
page in return for getting quality content and an optimal
user experience with less intrusive ads.” Jakob Nielsen
 “[I]n many ways, theft is the unspoken inspiration for
micropayment systems.” Clay Shirky
2
Outline





Micropayments
A Littered Landscape
Current Schemes
Coin-flipping
Rhetoric
3
Micropayments
 Means of making money (or at least recovering
costs) from online content
 Low prices (< $1), high volume (hopefully)
 Alternative to subscriptions, aggregations
 Allows customer to quickly purchase only what
she is interested in
 Moves content creators closer to consumers
4
Motivation
 Even free online content costs something
 Currently funded by:
 Advertisements (banners, popups,
sponsorships)
 Subsidies
 Good-will of content creators
 Using CCs invokes high transaction costs
 Prevent Spam? DoS attack?
5
History
 Digital Silk Road (Hardy, Tribble, 1993)
 Include “coins” in packets
 Millicent, NetBill, NetCard, PayWord, MicroMint,
…
 Biggest losers to date: venture capitalists
 Continuum from tiny, per-packet schemes to
“normal” online banking (EFT, credit-cards, etc)
 Current focus is on small—not tiny—bankmediated access control for WWW
DigiCash, E-Money, E-Coin
6
Design Considerations
 Double-spending or forgery of “coin”
 Mediated online transactions, or offline cash
alternative
 Availability of online principals
 Converting “coin” to real money
 Overhead of each purchase
 Necessity of custom software
 “Try before you buy”
 Handling fraud, chargebacks
 Does user buy content, or only viewing rights?
7
Current Schemes
 Peppercoin
 Bills customer’s CC periodically
 Paystone
 Like bank account
 BitPass
 Like debit card
 Anonymous
8
Peppercoin
 Founded by Rivest and Micali
 Merchant fees: 5-10%
 Merchant uses PepperMill (Java app) to
encrypt/enclose content in PepperBoxes
 Customers install PepperPanel
 Purchaser downloads PepperBox, pays using
PepperPanel, decrypts contents
 Peppercoin pays merchant probabilistically on
some transactions
 Peppercoin charges customer’s CC monthly
9
Paystone
 Merchant fees:
 10 cents + 5% under $5 (25 cents minimum)
 30 cents + 3% over $5
 Customers load account with money
 Can walk into Bank of America branch
 Merchants create “paylinks” to PayStone,
including encrypted return URL
 Purchaser follows paylink, enters
email/password, redirected back to content
 No software installed
10
BitPass
 Founded by 2 Stanford grad students
 Merchant Fees:
 15% under $5 (1 cent minimum)
 50 cents + 5% over $5
 Customer loads account by PayPal, CC
 Follow link to BitPass, authorize payment,
redirected back to seller
 Seller installs “gateway” to control access
 PHP, Perl CGI, mod_perl, ASP.net
11
Coin-flipping
 Probabilistic payment scheme
 E.g., with probability 1/200, user pays larger
amount; otherwise, access is free
 Expected payment is therefore small negotiated
amount
 Principals: User, Vendor, Bank
 Goals: efficiency, fairness, authentication
 Process:
 Pre-processing
 Coin-flip rounds
12
Pre-processing Stage

Vendor creates one-way chain

y = f(f(f( … (x))))


Vendor sends y and proof of x to User
User verifies proof of x

User creates its own one-way chain

y’ = f(f(f( … (x’))))


User sends (y, y’) and signature to Vendor
User sends proof of x’ to Vendor

Vendor verifies proof of x’ and signature
13
Pre-processing Stage
 User has:
 Own chain: y, …, x2, x1, x
 Vendor pre-image: y’
 Vendor has:
 Own chain: y’, …, x’2, x’1, x’
 User pre-image: y
 User signature of (y, y’)
14
Coin-Flip Round
 User reveals next pre-image in y’ chain
 Vendor reveals next pre-image in y chain
 XOR of pre-image bits defines coin-flip
 If User refuses to pay, Vendor takes (y,
y’), signature, and transaction record to
third-party
15
Coin-Flip Round
 U -> V: x4
 Vendor now knows flip-result
 If User knew, she could abort protocol and
not pay (if bad flip)
 V-> U: x’4
 Both can verify that xi+1 = f(xi)
 Flip = x4 XOR x’4 (suitably biased)
16
Arguments For
 Those who pay, control content
 Micropayments align content providers
interests with consumers
 Electricity and long-distance both meter
usage and are successful
 For small amounts, users don’t stress about
cost
 Subscriptions force all/nothing decisions
in advance of viewing
17
Arguments For
 Subscriptions wall-off from linking,
browsing, and spidering
 Art is not a commodity than can be
replaced by free alternatives
 (Buy McCloud’s comic strip)
 iTunes and PayPal are not far from
micropayments
18
Arguments Against
To continue, click here to contribute
$0.50 to the presenter
19
Arguments Against
 Littered landscape of failed companies
 Flat-fee schemes are more successful
 Metered charging is successful only for monopolies
 Very small transactions can be very hard to
value
 How much is half of one Wired article worth?
 Existing payment infrastructure is becoming
more flexible
20
Arguments Against
 Aggregation smooths variability in
content, and is more efficient
 Mental transaction costs make deciding
to buy more expensive than item being
purchased
 Viewers can always find something else
for free
21
Questions
 How much is this presentation worth? The
entire seminar? A UVA education?
 Have you purchased an item for less than $1
online?
 If user does not have to explicitly decide when
to purchase, how does he prevent fraud?
 Are micropayments a solution to a non-existent
problem?
22