A faster single-term divisible electronic cash: ZCash

Abstract This paper presented a new unlinkable, single-term divisible electronic cash scheme, whose name is ZCash. This scheme overcomes the problems of previous schemes through its greater efficiency and the unlinkability of every cash it generates. Compared with Okamoto’s scheme [Advances in Cryptology—Crypto ’95, Springer, New York, 1995: 438–451] and Chan’s scheme [Advances in Cryptology—Eurocrypt ’98, Springer, New York, 1998: 561–575] (the two best known E-cash schemes), ZCash achieve higher efficiency by not using range-bounded commitment schemes. In addition, to prove the correctness of the blind candidate, we use some simple zero-knowledge protocols instead of the Account Opening protocol and Electronic License. By using the indirect disclosure proof in the payment protocol, ZCash realizes revocable anonymity, which allows a trustee to trace the owner of the E-cash according to its payment transcript. ZCash is the first E-cash scheme which realizes both divisibility and revocable anonymity.

[1]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[2]  Andrew Odlyzko,et al.  Advances in Cryptology — CRYPTO’ 86 , 2000, Lecture Notes in Computer Science.

[3]  Jean Claude Paillès New Protocols for Electronic Money , 1992, AUSCRYPT.

[4]  Shafi Goldwasser,et al.  Advances in Cryptology — CRYPTO’ 88: Proceedings , 1990, Lecture Notes in Computer Science.

[5]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[6]  Yiannis Tsiounis,et al.  Fair Off-Line e-cash Made Easy , 1998, ASIACRYPT.

[7]  Tatsuaki Okamoto,et al.  An Efficient Divisible Electronic Cash Scheme , 1995, CRYPTO.

[8]  Kwangjo Kim,et al.  Advances in Cryptology — ASIACRYPT '96 , 1996, Lecture Notes in Computer Science.

[9]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[10]  Tatsuaki Okamoto,et al.  Universal Electronic Cash , 1991, CRYPTO.

[11]  Niels Ferguson,et al.  Single Term Off-Line Coins , 1994, EUROCRYPT.

[12]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[13]  Stefan A. Brands,et al.  Untraceable Off-line Cash in Wallet with Observers , 2002 .

[14]  Joan Feigenbaum,et al.  Advances in Cryptology-Crypto 91 , 1992 .

[15]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[16]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[17]  Yiannis Tsiounis,et al.  Easy Come - Easy Go Divisible Cash , 1998, EUROCRYPT.

[18]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[19]  David Chaum,et al.  Demonstrating Possession of a Discrete Logarithm Without Revealing It , 1986, CRYPTO.

[20]  Jennifer Seberry,et al.  Advances in Cryptology — AUSCRYPT '92 , 1992, Lecture Notes in Computer Science.

[21]  Yiannis Tsiounis,et al.  Mis-representation of Identities in E-cash Schemes and how to Prevent it , 1996, ASIACRYPT.

[22]  Jacques Stern,et al.  Advances in Cryptology — EUROCRYPT ’99 , 1999, Lecture Notes in Computer Science.

[23]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[24]  Yi Mu,et al.  A New Digital Cash Scheme Based on Blind Nyberg-Rueppel Digital Signature , 1997, ISW.