论文信息 - Compact E-Cash from Bounded Accumulator

Compact E-Cash from Bounded Accumulator

Known compact e-cash schemes are constructed from signature schemes with efficient protocols and verifiable random functions. In this paper, we introduce a different approach. We construct compact e-cash schemes from bounded accumulators. A bounded accumulator is an accumulator with a limit on the number of accumulated values. We show a generic construction of compact e-cash schemes from bounded accumulators and signature schemes with certain properties and instantiate it using an existing pairing-based accumulator and a new signature scheme. Our scheme revokes the secret key of the double-spender directly and thus supports more efficient coin tracing. The new signature scheme has an interesting property that is has the message space of a cyclic group G 1 equipped with a bilinear pairing, with efficient protocol to show possession of a signature without revealing the signature nor the message. We show that the new scheme is secure in the generic group model. The new signature scheme may be of independent interest.

[1] Jan Camenisch,et al. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[2] Jan Camenisch,et al. Compact E-Cash , 2005, EUROCRYPT.

[3] Sébastien Canard,et al. On Fair E-cash Systems Based on Group Signature Schemes , 2003, ACISP.

[4] Aggelos Kiayias,et al. Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[5] Jan Camenisch,et al. Untraceable RFID tags via insubvertible encryption , 2005, CCS '05.

[6] Stefan A. Brands,et al. Untraceable Off-line Cash in Wallet with Observers , 2002 .

[7] Matthew Green,et al. Improved proxy re-encryption schemes with applications to secure distributed storage , 2006, TSEC.

[8] David Chaum,et al. Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[9] Aggelos Kiayias,et al. Traceable Signatures , 2004, EUROCRYPT.

[10] Oded Goldreich,et al. Zero-Knowledge twenty years after its invention , 2002, Electron. Colloquium Comput. Complex..

[11] Lan Nguyen,et al. Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[12] Ernest F. Brickell,et al. Trustee-based tracing extensions to anonymous cash and the making of anonymous change , 1995, SODA '95.

[13] Colin Boyd,et al. Fair Electronic Cash Based on a Group Signature Scheme , 2001, ICICS.