Trustee Tokens: Simple and Practical Anonymous Digital Coin Tracing

We introduce a trustee-based tracing mechanism for anonymous digital cash that is simple, efficient, and provably secure relative to its underlying cryptographic primitives. In contrast to previous schemes, ours may be built on top of a real-world anonymous cash system, such as the DigiCash™ system, with minimal modification to the underlying protocols. In addition, our scheme involves no change to the structure of the coins. On the other hand, our scheme requires user interaction with a trustee, while many other such systems do not. This interaction occurs infrequently, however, and is efficient both in terms of computation and storage requirements. Our scheme also achieves more limited security guarantees in the presence of malicious trustees than many other systems do. While this is a disadvantage, it represents a tradeoff enabling us to achieve the high level of practicality of our system.

[1]  Markus Jakobsson,et al.  Applying Anti-Trust Policies to Increase Trust in a Versatile E-Money System , 1997, Financial Cryptography.

[2]  Matthew K. Franklin,et al.  Efficient generation of shared RSA keys , 2001, JACM.

[3]  Tal Rabin,et al.  A Simplified Approach to Threshold and Proactive RSA , 1998, CRYPTO.

[4]  Markus Jakobsson,et al.  Revokable and versatile electronic money (extended abstract) , 1996, CCS '96.

[5]  Jan Camenisch,et al.  Fair Blind Signatures , 1995, EUROCRYPT.

[6]  Markus Jakobsson,et al.  Distributed "Magic Ink" Signatures , 1997, EUROCRYPT.

[7]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[8]  Ernest F. Brickell,et al.  Trustee-based tracing extensions to anonymous cash and the making of anonymous change , 1995, SODA '95.

[9]  Jan Camenisch,et al.  An efficient fair payment system , 1996, CCS '96.

[10]  David M'Raïhi,et al.  Distributed Trustees and Revocability: A Framework for Internet Payment , 1998, Financial Cryptography.

[11]  Michael Luby,et al.  Pseudorandomness and cryptographic applications , 1996, Princeton computer science notes.

[12]  Berry Schoenmakers Basic Security of the ecash Payment System , 1997 .

[13]  Markus Jakobsson,et al.  X-Cash: Executable Digital Cash , 1998, Financial Cryptography.

[14]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[15]  Ueli Maurer,et al.  Digital Payment Systems With Passive Anonymity-Revoking Trustees , 1996, J. Comput. Secur..

[16]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[17]  Matthew K. Franklin,et al.  Efficient Generation of Shared RSA Keys (Extended Abstract) , 1997, CRYPTO.

[18]  Yiannis Tsiounis,et al.  Anonymity Control in E-Cash Systems , 1997, Financial Cryptography.

[19]  Rafail Ostrovsky,et al.  Security of Blind Digital Signatures (Extended Abstract) , 1997, CRYPTO.

[20]  Yiannis Tsiounis,et al.  "Indirect Discourse Proof": Achieving Efficient Fair Off-Line E-cash , 1996, ASIACRYPT.

[21]  Mihir Bellare,et al.  XOR MACs: New Methods for Message Authentication Using Finite Pseudorandom Functions , 1995, CRYPTO.

[22]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[23]  Berry Schoenmakers,et al.  Security Aspects of the EcashTM Payment System , 1997, State of the Art in Applied Cryptography.

[24]  David M'Raïhi,et al.  Cost-Effective Payment Schemes with Privacy Regulation , 1996, ASIACRYPT.

[25]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[26]  Rafail Ostrovsky,et al.  Security of blind digital signatures , 1997 .

[27]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.