More Compact E-Cash with Efficient Coin Tracing

In 1982, Chaum [21] pioneered anonymous e-cash, which finds many applications in e-commerce. In 1993, Brands [8–10] and Ferguson [30, 31] published single-term offline anonymous e-cash schemes, which were the first practical e-cash. Their constructions used blind signatures and were inefficient for implementing multi-spendable e-cash. In 1995, Camenisch, Hohenberger, and Lysyanskaya [12] gave the first compact 2-spendable e-cash, using zero-knowledge proof techniques. They left open the problem of simultaneously attaining O(1)-unit wallet size and efficient coin tracing. The latter property is needed to revoke bad coins from over-spenders. In this paper, we solve the open problem of [12], and thus enable the first practical compact e-cash. We use a new technique whose security reduces to a new intractability assumption: the Decisional Harmonically-Tipped Diffie-Hellman (DHTDH) Assumption.

[1] David Chaum, et al. Transferred Cash Grows in Size, 1992, EUROCRYPT.

[2] Yiannis Tsiounis, et al. Efficient Electronic Cash: New Notions and Techniques, 1997.

[3] Jan Camenisch, et al. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials, 2002, CRYPTO.

[4] Jan Camenisch, et al. Compact E-Cash, 2005, EUROCRYPT.

[5] David Chaum, et al. Blind Signature System, 1983, CRYPTO.

[6] Jacques Traoré, et al. Group Signatures and Their Relevance to Privacy-Protecting Off-Line Electronic Cash Systems, 1999, ACISP.

[7] Fabrice Boudot, et al. Efficient Proofs that a Committed Number Lies in an Interval, 2000, EUROCRYPT.

[8] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[9] Aggelos Kiayias, et al. Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders, 2004, IACR Cryptol. ePrint Arch.

[10] David Chaum, et al. Wallet Databases with Observers, 1992, CRYPTO.

[11] Sébastien Canard, et al. On Fair E-cash Systems Based on Group Signature Schemes, 2003, ACISP.

[12] Niels Ferguson, et al. Single Term Off-Line Coins, 1994, EUROCRYPT.

[13] Dan Boneh, et al. Short Signatures Without Random Oracles, 2004, EUROCRYPT.

[14] Hovav Shacham, et al. Short Group Signatures, 2004, CRYPTO.

[15] Reihaneh Safavi-Naini, et al. Efficient and Provably Secure Trapdoor-Free Group Signature Schemes from Bilinear Pairings, 2004, ASIACRYPT.

[16] Amos Fiat, et al. Untraceable Electronic Cash, 1990, CRYPTO.

[17] David Chaum, et al. Blind Signatures for Untraceable Payments, 1982, CRYPTO.

[18] Colin Boyd, et al. Fair Electronic Cash Based on a Group Signature Scheme, 2001, ICICS.

[19] Niels Ferguson, et al. Extensions of Single-term Coins, 1993, CRYPTO.

[20] Mihir Bellare, et al. Foundations of Group Signatures: The Case of Dynamic Groups, 2005, CT-RSA.

[21] Aggelos Kiayias, et al. Extracting Group Signatures from Traitor Tracing Schemes, 2003, EUROCRYPT.

[22] Mihir Bellare, et al. Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions, 2003, EUROCRYPT.

[23] Jacques Traoré, et al. An Efficient Fair Off-Line Electronic Cash System with Extensions to Checks and Wallets with Observers, 1998, Financial Cryptography.

[24] Marc Joye, et al. A Practical and Provably Secure Coalition-Resistant Group Signature Scheme, 2000, CRYPTO.

[25] David Chaum, et al. Group Signatures, 1991, EUROCRYPT.

[26] Yevgeniy Dodis, et al. A Verifiable Random Function with Short Proofs and Keys, 2005, Public Key Cryptography.

[27] David Chaum, et al. Online Cash Checks, 1990, EUROCRYPT.

[28] Ed Dawson, et al. Linkability in Practical Electronic Cash Design, 2000, ISW.

[29] Aggelos Kiayias, et al. Traceable Signatures, 2004, EUROCRYPT.

[30] Ivan Damgård, et al. Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes, 2000, ASIACRYPT.

[31] Stefan A. Brands, et al. Untraceable Off-line Cash in Wallet with Observers, 2002.

[32] Yiannis Tsiounis, et al. Easy Come - Easy Go Divisible Cash, 1998, EUROCRYPT.

[33] Stefan A. Brands, et al. An Efficient Off-line Electronic Cash System Based On The Representation Problem, 1993.

[34] Matthew Green, et al. Improved proxy re-encryption schemes with applications to secure distributed storage, 2006, TSEC.

[35] Kazuo Ohta, et al. Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash, 1989, CRYPTO.

[36] Victor K.-W. Wei. Tracing-by-Linking Group Signatures, 2005, ISC.

[37] Jacques Traoré, et al. On the Anonymity of Fair Offline E-cash Systems, 2003, Financial Cryptography.

[38] Kevin Barraclough, et al. I and i, 2001, BMJ : British Medical Journal.

[39] Zulfikar Ramzan, et al. Group Blind Digital Signatures: A Scalable Solution to Electronic Cash, 1998, Financial Cryptography.

[40] Jan Camenisch, et al. A Signature Scheme with Efficient Protocols, 2002, SCN.

[41] Vitaly Shmatikov, et al. Handcuffing Big Brother: an Abuse-Resilient Transaction Escrow Scheme, 2004, EUROCRYPT.

[42] Tatsuaki Okamoto, et al. An Efficient Divisible Electronic Cash Scheme, 1995, CRYPTO.

[43] B. Clifford Neuman, et al. NetCash: a design for practical electronic currency on the Internet, 1993, CCS '93.

[44] Hugo Krawczyk, et al. Adaptive Security for Threshold Cryptosystems, 1999, CRYPTO.