EUROCRYPT 2005: Advances in Cryptology – EUROCRYPT 2005 pp 302-321

# Compact E-Cash

• Jan Camenisch
• Susan Hohenberger
• Anna Lysyanskaya
Conference paper

DOI: 10.1007/11426639_18

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)
Cite this paper as:
Camenisch J., Hohenberger S., Lysyanskaya A. (2005) Compact E-Cash. In: Cramer R. (eds) Advances in Cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture Notes in Computer Science, vol 3494. Springer, Berlin, Heidelberg

## Abstract

This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing 2 coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the y-DDHI assumptions, where the complexity of the withdrawal and spend operations is $${\mathcal O}(\ell + k)$$ and the user’s wallet can be stored using $${\mathcal O}(\ell + k)$$ bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be $${\mathcal O}(2^{\rm \ell}\cdot k)$$. In fact, compared to previous e-cash schemes, our whole wallet of 2 coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the 2 coins in her wallet, all her spendings of these coins can be traced. However, the price for this is that the complexity of the spending and of the withdrawal protocols becomes $${\mathcal O}(\ell \cdot k)$$ and $${\mathcal O}(\ell \cdot k+k^{2})$$ bits, respectively, and wallets take $${\mathcal O}(\ell \cdot k)$$ bits of storage. All our schemes are secure in the random oracle model.

## Authors and Affiliations

• Jan Camenisch
• 1
• Susan Hohenberger
• 2
• Anna Lysyanskaya
• 3
1. 1.Zurich Research LaboratoryIBM ResearchRüschlikonSwitzerland
2. 2.CSAILMassachusetts Institute of TechnologyCambridgeUSA
3. 3.Computer Science DepartmentBrown UniversityProvidenceUSA