Transferable Optimal-size Fair E-cash with Optimal Anonymity

Transferable electronic cash (e-cash) allows the recipient of a coin in a transaction to transfer it in a later payment transaction to the third person. The transferability is a desirable property in many applications. However, in the existing transferable e-cash, the size of coins is constant at the cost of increasing the users' burden and not satisfying the optimal anonymity. On the other hand, the e-cash protocol with optimal anonymity has the drawback that the size of coins grows linearly in the number of transfers. In this paper, a transferable optimal-size e-cash is proposed using a different structure, that is, coins are divided into two parts. The new scheme achieves the optimal anonymity, i.e., it satisfies Observe-then-Receive Full Anonymity (OtR-FA), Spend-then-Observe Full Anonymity (StO-FA) and Spend-then-Receive Full Anonymity (StR-FA). Meanwhile, the users has not to keep in memory the data associated to all past transactions. At last, the security proof of the new scheme is given in the standard model.

[1]  Sébastien Canard,et al.  Improvement of Efficiency in (Unconditional) Anonymous Transferable E-Cash , 2008, Financial Cryptography.

[2]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[3]  Zhoujun Li,et al.  Anonymous Transferable Conditional E-cash , 2012, SecureComm.

[4]  Georg Fuchsbauer,et al.  Commuting Signatures and Verifiable Encryption , 2011, EUROCRYPT.

[5]  Essam Ghadafi,et al.  Formalizing Group Blind Signatures and Practical Constructions without Random Oracles , 2013, ACISP.

[6]  Georg Fuchsbauer,et al.  Structure-Preserving Signatures and Commitments to Group Elements , 2010, Journal of Cryptology.

[7]  Georg Fuchsbauer,et al.  Automorphic Signatures in Bilinear Groups and an Application to Round-Optimal Blind Signatures , 2009, IACR Cryptol. ePrint Arch..

[8]  Sébastien Canard,et al.  Anonymity in Transferable E-cash , 2008, ACNS.

[9]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[10]  Zhoujun Li,et al.  Multiple-Bank E-Cash without Random Oracles , 2013, CSS.

[11]  Mihir Bellare,et al.  An Uninstantiable Random-Oracle-Model Scheme for a Hybrid-Encryption Problem , 2004, EUROCRYPT.

[12]  Kazuo Ohta,et al.  Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash , 1989, CRYPTO.

[13]  Georg Fuchsbauer,et al.  Achieving Optimal Anonymity in Transferable E-Cash with a Judge , 2011, AFRICACRYPT.

[14]  Tatsuaki Okamoto,et al.  Universal Electronic Cash , 1991, CRYPTO.

[15]  Georg Fuchsbauer,et al.  Transferable Constant-Size Fair E-Cash , 2009, IACR Cryptol. ePrint Arch..

[16]  Sébastien Canard,et al.  Fair E-Cash: Be Compact, Spend Faster , 2009, ISC.

[17]  Bogdan Warinschi,et al.  Groth-Sahai proofs revisited , 2010, IACR Cryptol. ePrint Arch..

[18]  David Chaum,et al.  Transferred Cash Grows in Size , 1992, EUROCRYPT.