Advances in Cryptology — ASIACRYPT '96

Volume 1163 of the series Lecture Notes in Computer Science pp 286-300


“Indirect discourse proofs”: Achieving efficient Fair Off-Line e-cash

  • Yair FrankelAffiliated withSandia National Laboratories
  • , Yiannis TsiounisAffiliated withCollege of Computer Science, Northeastern University
  • , Moti YungAffiliated withIBM T.J. Watson Research Center

* Final gross prices may vary according to local VAT.

Get Access


Cryptography has been instrumental in reducing the involvement of over-head third parties in protocols. For example; a digital signature scheme assures a recipient that a judge who is not present at message transmission will nevertheless approve the validity of the signature. Similarly, in off-line electronic cash the bank (which is off-line during a purchase) is assured that if a user double spends he will be traced.

Here we suggest the notion of Indirect Discourse Proofs with which one can prove indirectly yet efficiently that a third party has a certain future capability (i.e., assure Trustees can trace). The efficient proofs presented here employ algebraic properties of exponentiation (or functions of similar homomorphic nature).

Employing this idea we present the concept of “Fair Off-Line e-Cash” (FOLC) system which enables tracing protocols for identifying either the coin or its owner. Recently, the need to trace and identify coins with owners/withdrawals was identified (to avoid blackmailing and money laundering). Previous solutions that assured this traceability (called fair e-cash as they balance the need for anonymity and the prevention of criminal activities) involved third parties at money withdrawals. In contrast, FOLC keeps any third party uninvolved, thus it is “fully off-line e-cash” even when law enforcement is added (i.e., it is off-line w.r.t. law enforcement at withdrawals and off-line w.r.t. the bank at payments).