Multiple Denominations in E-cash with Compact Transaction Data

We present a new construction of divisible e-cash that makes use of 1) a new generation method of the binary tree of keys; 2) a new way of using bounded accumulators. The transaction data sent to the merchant has a constant number of bits while spending a monetary value 2l. Moreover, the spending protocol does not require complex zero-knowledge proofs of knowledge such as proofs about double discrete logarithms. We then propose the first strongly anonymous scheme with standard unforgeability requirement and realistic generation parameters while improving the efficiency of the spending phase.

[1]  Masayuki Abe,et al.  Topics in Cryptology CT-RSA 2007 , 2007 .

[2]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[3]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[4]  Chanathip Namprempre,et al.  The One-More-RSA-Inversion Problems and the Security of Chaum's Blind Signature Scheme , 2003, Journal of Cryptology.

[5]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[6]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[7]  Sébastien Canard,et al.  Complex Zero-Knowledge Proofs of Knowledge Are Easy to Use , 2007, ProvSec.

[8]  Yi Mu,et al.  Compact E-Cash from Bounded Accumulator , 2007, CT-RSA.

[9]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[10]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[11]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[12]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[13]  Aggelos Kiayias,et al.  On the Portability of Generalized Schnorr Proofs , 2009, EUROCRYPT.

[14]  Yi Mu,et al.  Practical Anonymous Divisible E-Cash From Bounded Accumulators , 2007, IACR Cryptol. ePrint Arch..

[15]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[16]  Toru Nakanishi,et al.  Unlinkable Divisible Electronic Cash , 2000, ISW.

[17]  Sébastien Canard,et al.  Divisible E-Cash Systems Can Be Truly Anonymous , 2007, EUROCRYPT.

[18]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.