Date: 24 Sep 2002

Fair Off-Line e-Cash Made Easy


Anonymous off-line electronic cash (e-cash) systems provide transactions that retain the anonymity of the payer, similar to physical cash exchanges, without requiring the issuing bank to be on-line at payment. Fair off-line e-cash extend this capability to allow a qualified third party (a “trustee”) to revoke this anonymity under a warrant or other specified “suspicious” activity. Extensions for achieving fair off-line e-cash based on off-line e-cash require modularity to be applicable in general settings. Simplicity (for ease of understanding and implementation) and efficiency (for cost effectiveness) are of high importance, otherwise these generic extensions will be hard and costly to apply. Of course, security must also be guaranteed and understood, yet, to date, there have been no efficient systems that offer provable security.

A system which is (1) provably secure based on well understood assumptions, (2) efficient and (3) conceptually easy, is typically “elegant”. In this work we make a step towards elegant fair off-line e-cash system by proposing a system which is provably anonymous (i.e., secure for legitimate users) while its design is simple and its efficiency is similar to the most efficient systems to date. Security for the bank and shops is unchanged from the security of non-traceable e-cash. We also present ways to adapt the functionality of “fairness” into existing e-cash systems in a modular way, thus easing advancement and maintaining version compatibility; these extensions are also provably anonymous.