Efficient scalable fair cash with off-line extortion prevention

There have been many proposals to realize anonymous electronic cash. Although these systems offer high privacy to the users, they have the disadvantage that the anonymity might be misused by criminals to commit perfect crimes. The recent research focuses therefore on the realization of fair electronic cash systems where the anonymity of the coins is revocable by a trustee in the case of fraudulent users. In this paper, we propose a new efficient fair cash system which offers scalable security with respect to its efficiency. Our system prevents extortion attacks, like blackmailing or the use of blindfolding protocols under off-line payments and with the involvement of the trustee only at registration of the users. Another advantage is, that it is assembled from well studied cryptographic techniques, such that its security can easily be evaluated. The strength of this approach is clearly its simplicity. Although it might astonish the reader that the design matters little from existing schemes, it is nevertheless the first scheme offering these properties.

[1]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[2]  Adi Shamir,et al.  An Efficient Identification Scheme Based on Permuted Kernels (Extended Abstract) , 1989, CRYPTO.

[3]  Torben P. Pedersen Electronic Payments of Small Amounts , 1995, Security Protocols Workshop.

[4]  Masayuki Abe,et al.  How to Date Blind Signatures , 1996, ASIACRYPT.

[5]  David Chaum,et al.  Advances in Cryptology , 1983, Springer US.

[6]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[7]  Jan Camenisch,et al.  Fair Blind Signatures , 1995, EUROCRYPT.

[8]  Ronald L. Rivest,et al.  The MD5 Message-Digest Algorithm , 1992, RFC.

[9]  Charalampos Manifavas,et al.  NetCard - A Practical Electronic-Cash System , 1996, Security Protocols Workshop.

[10]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[11]  Jacques Stern,et al.  New Blind Signatures Equivalent to Factorization , 1997, CCS 1997.

[12]  Claus-Peter Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1990, EUROCRYPT.

[13]  Ernest F. Brickell,et al.  Trustee-based tracing extensions to anonymous cash and the making of anonymous change , 1995, SODA '95.

[14]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[15]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[16]  Hideki Imai,et al.  ON SEEKING SMART PUBLIC-KEY-DISTRIBUTION SYSTEMS. , 1986 .

[17]  Tatsuaki Okamoto,et al.  Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes , 1992, CRYPTO.

[18]  Birgit Pfitzmann,et al.  Strong Loss Tolerance for Untraceable Electronic Coin Systems , 1995 .

[19]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[20]  Markus Jakobsson,et al.  Revokable and versatile electronic money (extended abstract) , 1996, CCS '96.

[21]  Matthew Franklin Towards Provably Secure Eecient Electronic Cash (extended Abstract) , 1992 .

[22]  Rainer A. Rueppel,et al.  Modern key agreement techniques , 1994, Comput. Commun..

[23]  Markus Stadler,et al.  Cryptographic protocols for revocable privacy , 1996 .

[24]  David M'Raïhi,et al.  Can D.S.A. be Improved? Complexity Trade-Offs with the Digital Signature Standard , 1994, EUROCRYPT.

[25]  Jacques Stern,et al.  An Efficient Pseudo-Random Generator Provably as Secure as Syndrome Decoding , 1996, EUROCRYPT.

[26]  David M'Raïhi,et al.  Cost-Effective Payment Schemes with Privacy Regulation , 1996, ASIACRYPT.

[27]  S. Brands An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[28]  Yiannis Tsiounis,et al.  "Indirect Discourse Proof": Achieving Efficient Fair Off-Line E-cash , 1996, ASIACRYPT.

[29]  Tatsuaki Okamoto,et al.  Practical Escrow Cash System , 1996, Security Protocols Workshop.

[30]  Jan Camenisch,et al.  An efficient fair payment system , 1996, CCS '96.

[31]  Manuel Blum,et al.  A Simple Unpredictable Pseudo-Random Number Generator , 1986, SIAM J. Comput..

[32]  S. Brands Oo-line Electronic Cash Based on Secret-key Certiicates , 1995 .

[33]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[34]  Yiannis Tsiounis,et al.  Anonymity Control in E-Cash Systems , 1997, Financial Cryptography.

[35]  R. A. Rueppel,et al.  Message recovery for signature schemes based on the discrete logarithm problem , 1994, EUROCRYPT.

[36]  Patrick Horster,et al.  Meta-ElGamal signature schemes , 1994, CCS '94.

[37]  Associazione elettrotecnica ed elettronica italiana,et al.  European transactions on telecommunications and related technologies , 1990 .

[38]  Jacques Stern,et al.  On the Length of Cryptographic Hash-Values Used in Identification Schemes , 1994, CRYPTO.

[39]  Mihir Bellare,et al.  iKP - A Family of Secure Electronic Payment Protocols , 1995, USENIX Workshop on Electronic Commerce.

[40]  M. Yung,et al.  \indirect Discourse Proofs": Achieving Eecient Fair Oo-line E-cash , 1996 .

[41]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[42]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[43]  Chae Hoon Lim,et al.  Several Practical Protocols for Authentication and Key Exchange , 1995, Inf. Process. Lett..

[44]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[45]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[46]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[47]  Patrick Horster,et al.  Meta-Message Recovery and Meta-Blind Signature Schemes Based on the Discrete Logarithm Problem and Their Applications , 1994, ASIACRYPT.

[48]  Patrick Horster,et al.  Self-certified keys — Concepts and Applications , 1997 .

[49]  Michael Waidner,et al.  Development of a Secure Electronic Marketplace for Europe , 1996, ESORICS.

[50]  Berry Schoenmakers An efficient electronic payment system withstanding parallel attacks , 1995 .

[51]  David Chaum,et al.  Transferred Cash Grows in Size , 1992, EUROCRYPT.

[52]  Peter Wayner,et al.  Digital cash - commerce on the net , 1995 .

[53]  Jacques Stern,et al.  Designing Identification Schemes with Keys of Short Size , 1994, CRYPTO.

[54]  P A Putland,et al.  Electronic payment systems , 1997 .

[55]  Markus Stadler,et al.  An Eecient Fair Payment System , 1996 .

[56]  Stefan BrandsCWI,et al.  Untraceable Oo-line Cash in Wallets with Observers , 1993 .

[57]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[58]  Ueli Maurer,et al.  Digital Payment Systems with Passive Anonymity-Revoking Trustees , 1996, ESORICS.

[59]  Markus Jakobsson,et al.  Applying Anti-Trust Policies to Increase Trust in a Versatile E-Money System , 1997, Financial Cryptography.