Off-line Electronic Cash Based on Secret-key Certificates

An off-line electronic coin system is presented that offers multi-party security and unconditional privacy of payments. The system improves significantly on the efficiency of the previously most efficient such system known in the literature, due to application of a recently proposed technique called secret-key certificates. By definition of secret-key certificates, pairs consisting of a public key and a matching certificate can be simulated with indistinguishable probability distribution. This allows a variety of polynomial-time reductions from a well-known signature scheme to the cash system. In particular, the withdrawal protocol can be proved to be restrictive blind with respect to one account holder, relying only on a standard intractability assumption; no such result has been proved before in the literature. Another consequence of the application of the secret-key certificate technique is that the withdrawal protocol is not a blind signature issuing protocol. This falsifies the popular belief that efficient privacy-protecting off-line electronic cash systems must be based on withdrawal protocols that are blind signature issuing protocols.
