International Conference on the Theory and Application of Cryptology and Information Security

ASIACRYPT 1998: Advances in Cryptology — ASIACRYPT’98 pp 257-270

Fair Off-Line e-Cash Made Easy

  • Yair Frankel
  • Yiannis Tsiounis
  • Moti Yung
Conference paper

DOI: 10.1007/3-540-49649-1_21

Volume 1514 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Frankel Y., Tsiounis Y., Yung M. (1998) Fair Off-Line e-Cash Made Easy. In: Ohta K., Pei D. (eds) Advances in Cryptology — ASIACRYPT’98. ASIACRYPT 1998. Lecture Notes in Computer Science, vol 1514. Springer, Berlin, Heidelberg


Anonymous off-line electronic cash (e-cash) systems provide transactions that retain the anonymity of the payer, similar to physical cash exchanges, without requiring the issuing bank to be on-line at payment. Fair off-line e-cash extend this capability to allow a qualified third party (a “trustee”) to revoke this anonymity under a warrant or other specified “suspicious” activity. Extensions for achieving fair off-line e-cash based on off-line e-cash require modularity to be applicable in general settings. Simplicity (for ease of understanding and implementation) and efficiency (for cost effectiveness) are of high importance, otherwise these generic extensions will be hard and costly to apply. Of course, security must also be guaranteed and understood, yet, to date, there have been no efficient systems that offer provable security.

A system which is (1) provably secure based on well understood assumptions, (2) efficient and (3) conceptually easy, is typically “elegant”. In this work we make a step towards elegant fair off-line e-cash system by proposing a system which is provably anonymous (i.e., secure for legitimate users) while its design is simple and its efficiency is similar to the most efficient systems to date. Security for the bank and shops is unchanged from the security of non-traceable e-cash. We also present ways to adapt the functionality of “fairness” into existing e-cash systems in a modular way, thus easing advancement and maintaining version compatibility; these extensions are also provably anonymous.


Electronic cashanonymity revocationdecision Diffie-Hellman
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Yair Frankel
    • 1
  • Yiannis Tsiounis
    • 2
  • Moti Yung
    • 1
  1. 1.CertCoNY
  2. 2.GTE Laboratories, Inc.Waltham