Easy Come - Easy Go Divisible Cash

Recently, there has been interest in making electronic cash protocols more practical for electronic commerce by developing e-cash which is divisible (e.g., a coin which can be spent incrementally, with total purchases limited to the monetary value of the coin). At Crypto '95, T. Okamoto presented the first practical divisible, untraceable, off-line e-cash scheme, which requires only O(log N) computations for each of the withdrawal, payment and deposit procedures, where N = (total coin value)/(smallest divisible unit). However, Okamoto's set-up procedure is quite inefficient (on the order of 4,000 multi-exponentiations, depending on the size of the RSA modulus). The authors formalize the notion of range-bounded commitment, originally used in Okamoto's account establishment protocol, and present a very efficient instantiation which allows one to construct the first truly efficient divisible e-cash system. The scheme requires only the equivalent of one (1) exponentiation for set-up, less than 2 exponentiations for withdrawal and around 20 for payment, while the size of the coin remains about 300 bytes. Hence, the withdrawal protocol is 3 orders of magnitude faster than Okamoto's, while the rest of the system remains equally efficient, allowing for implementation in smart cards. Similar to Okamoto's, the scheme is based on proofs whose cryptographic security assumptions are theoretically clarified.
