Advertisement

Compact E-Cash

  • Jan Camenisch
  • Susan Hohenberger
  • Anna Lysyanskaya
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)

Abstract

This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing 2 coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the y-DDHI assumptions, where the complexity of the withdrawal and spend operations is \({\mathcal O}(\ell + k)\) and the user’s wallet can be stored using \({\mathcal O}(\ell + k)\) bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be \({\mathcal O}(2^{\rm \ell}\cdot k)\). In fact, compared to previous e-cash schemes, our whole wallet of 2 coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the 2 coins in her wallet, all her spendings of these coins can be traced. However, the price for this is that the complexity of the spending and of the withdrawal protocols becomes \({\mathcal O}(\ell \cdot k)\) and \({\mathcal O}(\ell \cdot k+k^{2})\) bits, respectively, and wallets take \({\mathcal O}(\ell \cdot k)\) bits of storage. All our schemes are secure in the random oracle model.

Keywords

Signature Scheme Random Oracle Blind Signature Trusted Third Party Random Oracle Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download to read the full conference paper text

References

  1. 1.
    Asokan, N., Slioup, V., Waidner, M.: Optimistic fair exchange of digital signa¬tures. IEEE Journal on Selected Areas in Communications 18(4), 591–610 (2000)CrossRefGoogle Scholar
  2. 2.
    Ateniese, G., Fu, K., Green, M., Hohenberger, S.: Improved Proxy Re-encryption Schemes with Applications to Secure Distributed Storage. In: NDSS 2005, pp. 29–43 (2005), http://eprint.iacr.org/2005/028
  3. 3.
    Barić, N., Pfitzmann, B.: Collision-free accumulators and fail-stop signature schemes without trees. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 480–494. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 54–73. Springer, Heidelberg (2004)Google Scholar
  5. 5.
    Boneh, D., Boyen, X., Shacham, H.: Short group signatures using strong Diffie-Hellman. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Brands, S.: Electronic cash systems based on the representation problem in groups of prime order. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 26.1-26.15. Springer, Heidelberg (1993)Google Scholar
  8. 8.
    Brands, S.: Rapid demonstration of linear relations connected by boolean operators. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 318–333. Springer, Heidelberg (1997)Google Scholar
  9. 9.
    Brands, S.: Rethinking Public Key Infrastructure and Digital Certificates— Building in Privacy. PhD thesis, Eindhoven Inst, of Tech. The Netherlands (1999)Google Scholar
  10. 10.
    Brickell, E., Gemmel, P., Kravitz, D.: Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In: SIAM, pp. 457–466 (1995)Google Scholar
  11. 11.
    Camenisch, J., Damgård, I.: Verifiable encryption, group encryption, and their applications to group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Camenisch, J., Groth, J.: Group signatures: Better efficiency and new theoretical aspects. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 120–133. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact E-Cash (2005), Full version, available at http://eprint.iacr.org/2005/060
  14. 14.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Lysyanskaya, A.: Signature schemes and anonymous credentials from bilinear maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)Google Scholar
  16. 16.
    Camenisch, J., Michels, M.: Proving in zero-knowledge that a number n is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999)Google Scholar
  17. 17.
    Camenisch, J., Michels, M.: Separability and efficiency for generic group signature schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 413–430. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Sommer, G., Daniilidis, K., Pauli, J. (eds.) CAIP 1997. LNCS, vol. 1296, pp. 410–424. Springer, Heidelberg (1997)Google Scholar
  20. 20.
    Camenisch, J.L.: Group Signature Schemes and Payment Systems Based on the Discrete Logarithm Problem. PhD thesis, ETH Zurich (1998)Google Scholar
  21. 21.
    Chan, A.H., Frankel, Y., Tsiounis, Y.: Easy come - easy go divisible cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  22. 22.
    Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO 1982, pp. 199–203. Plenum Press, New York (1982) Google Scholar
  23. 23.
    Chaum, D.: Blind signature systems. In: CRYPTO 1983, pp. 153-156. Plenum, New York (1983)Google Scholar
  24. 24.
    Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  25. 25.
    Chaum, D.: Online cash checks. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 288–293. Springer, Heidelberg (1989)Google Scholar
  26. 26.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)Google Scholar
  27. 27.
    Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
  28. 28.
    Cramer, R., Damgard, I., Schoenmakers, B.: Proofs of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  29. 29.
    Damgård, I., Fujisaki, E.: In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, Springer. Heidelberg (2002)CrossRefGoogle Scholar
  30. 30.
    Dodis, Y.: Efficient construction of (distributed) verifiable random functions. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 1–17. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  31. 31.
    Dodis, Y., Yampolsky, A.: A Verifiable Random Function with Short Proofs an Keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1986)Google Scholar
  33. 33.
    Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)Google Scholar
  34. 34.
    Jarecki, S., Shmatikov, V.: Handcuffing big brother: an abuse-resilient transaction escrow scheme. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 590–608. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  35. 35.
    Kiayias, A., Tsiounis, Y., Yung, M.: Traceable signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 571–589. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  36. 36.
    Naor, M., Reingold, O.: Number-theoretic constructions of efficient pseudorandom functions. Journal of the ACM 51(2), 231–262 (2004)CrossRefMathSciNetGoogle Scholar
  37. 37.
    Okamoto, T., Ohta, K.: Disposable zero-knowledge authentications and their applications to untraceable elec. cash. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 481–496. Springer, Heidelberg (1990)Google Scholar
  38. 38.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar
  39. 39.
    Schnorr, C.P.: Efficient signature generation for smart cards. Journal of Cryptology 4(3), 239–252 (1991)CrossRefMathSciNetGoogle Scholar
  40. 40.
    Stadler, M., Piveteau, J.-M., Camenisch, J.: Fair blind signatures. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 209–219. Springer, Heidelberg (1995)Google Scholar
  41. 41.
    Tsiounis, Y.S.: Efficient Electonic Cash: New Notions and Techniques. PhD thesis, Northeastern University, Boston, Massachusetts (1997)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Susan Hohenberger
    • 2
  • Anna Lysyanskaya
    • 3
  1. 1.Zurich Research LaboratoryIBM ResearchRüschlikonSwitzerland
  2. 2.CSAILMassachusetts Institute of TechnologyCambridgeUSA
  3. 3.Computer Science DepartmentBrown UniversityProvidenceUSA

Personalised recommendations

Cite paper