All known methods for transferring electronic money have two disadvantages: the number of bits needed to represent the money increases after each payment, and a payer can recognize his money if he sees it later in the chain of payments (forward traceability). This paper shows that it is impossible to construct an electronic money system that provides transferability without the money growing when it is transferred. Furthermore, it is argued that a user with unlimited computing power can always recognize his money later. Finally, lower bounds on the size of transferred electronic money are discussed in terms of secret sharing schemes.