On Fair E-cash Systems Based on Group Signature Schemes

A fair electronic cash system is a system that allows customers to make payments anonymously. Moreover, under certain circumstances, a trusted authority can revoke the anonymity of suspicious transactions. Various fair e-cash systems using group signature schemes have been proposed [4,15,16,18]. Unfortunately, they do not realize coin tracing [4,15,18] (the possibility to trace the coins withdrawn by a customer). In this paper, we describe several failures in the solution of [16] and we present a secure and efficient fair e-cash system based on a group signature scheme. Our system ensures traceability of double-spenders, supports coin tracing and provides coins that are unforgeable and anonymous under standard assumptions.

[1]  Yiannis Tsiounis,et al.  Fair Off-Line e-cash Made Easy , 1998, ASIACRYPT.

[2]  Jan Camenisch,et al.  Fair Blind Signatures , 1995, EUROCRYPT.

[3]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[4]  Ernest F. Brickell,et al.  Trustee-based tracing extensions to anonymous cash and the making of anonymous change , 1995, SODA '95.

[5]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[6]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[7]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[8]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[9]  M. Yung,et al.  \indirect Discourse Proofs": Achieving Eecient Fair Oo-line E-cash , 1996 .

[10]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[11]  Jacques Traoré,et al.  Group Signatures and Their Relevance to Privacy-Protecting Off-Line Electronic Cash Systems , 1999, ACISP.

[12]  Dan Boneh,et al.  The Decision Diffie-Hellman Problem , 1998, ANTS.

[13]  Dawu Gu,et al.  A New Offline Privacy Protecting E-cash System with Revokable Anonymity , 2002, ISC.

[14]  Ueli Maurer,et al.  Digital Payment Systems with Passive Anonymity-Revoking Trustees , 1996, ESORICS.

[15]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[16]  Yiannis Tsiounis,et al.  Anonymity Control in E-Cash Systems , 1997, Financial Cryptography.

[17]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[18]  Colin Boyd,et al.  Fair Electronic Cash Based on a Group Signature Scheme , 2001, ICICS.