Universal Electronic Cash

  • Tatsuaki Okamoto
  • Kazuo Ohta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 576)


This paper proposes the first ideal untraceable electronic cash system which solves the most crucial problem inherent with real cash and all previous untraceable electronic cash systems. The main advantage of the new system is that the customer can subdivide his cash balance, C (dollars), into many pieces in any way he pleases until the total value of all subdivided piece equals C. This system can be implemented efficiently. In a typical implementation, the data size of one piece of electronic cash is less than 100 bytes regardless of the face value of piece, the computation time for each transaction is several seconds, assuming the existence of a Rabin scheme chip. The security of this scheme relies on the difficulty of factoring.


Smart Card Structure Table Cash Balance Digital Signature Scheme Jacobi Symbol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [Ber]
    E.R. Berlekamp, “Factoring Polynomials over Large Finite Fields,” Math. Comp., Vol.24, No.111, pp.713–735 (1970)CrossRefMathSciNetGoogle Scholar
  2. [Bl]
    M. Blum, “Coin flipping by telephone”, IEEE, COMPCON, pp.133–137 (1982)Google Scholar
  3. [Ch]
    D. Chaum, “Security without Identification: Transaction Systems to Make Big Brother Obsolete,” Comm. of the ACM, 28,10, pp.1030–1044 (1985)CrossRefGoogle Scholar
  4. [CFN]
    D. Chaum, A. Fiat and M. Naor, “Untraceable Electronic Cash,” Proc. of Crypto’88, pp.319–327 (1988)Google Scholar
  5. [CW]
    J.L. Carter and M.N. Wegman, “Universal Classes of Hash Functions,” Journal of Computer and System Sciences, 18, pp.143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  6. [Da]
    I.B. Damgård, “Payment Systems and Credential Mechanisms with Provable Security Against Abuse by Individuals,” Proc. of Crypto’88, pp.328–335 (1988)Google Scholar
  7. [EGL]
    S. Even, O. Goldreich, A. Lempel: “A Randomized Protocol for Signing Contracts”, Proc. of Crypto’82, pp.205–210 (1982)Google Scholar
  8. [EGY]
    S. Even, O. Goldreich, Y. Yacobi: “Electronic Wallet”, Proc. of Crypto’83, pp.383–386 (1983)Google Scholar
  9. [FOM]
    A. Fujioka, T. Okamoto, S. Miyaguchi: “ESIGN: An Efficient Digital Signature Implementation for Smart Cards”, to appear in Proc. of Eurocrypt’91Google Scholar
  10. [H]
    B. Hayes, “Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash,” Proc. of Auscrypt’90, pp.294–305 (1990)Google Scholar
  11. [OkOh1]
    T. Okamoto, and K. Ohta “Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash,” Proc. of Crypto’89, pp.481–496 (1989)Google Scholar
  12. [OkOh2]
    T. Okamoto, and K. Ohta “Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducible,” Proc. of Eurocrypt’89 (1989)Google Scholar
  13. [PW]
    B. Pfitzmann, M. Waidner, “How to Break and Repair a “Provably Secure” Untraceable Payment System,” to appear in Proc. of Crypto’91Google Scholar
  14. [R]
    M.O. Rabin, “Digitalized Signatures and Public-Key Functions as Intractable as Factorization,” Tech. Rep., MIT/LCS/TR-212, MIT Lab. Comp. Sci., (1979)Google Scholar
  15. [W]
    H.C. Williams, “A Modification of the RSA Public-Key Encryption Procedure,” IEEE Trans. on Information Theory, Vol.IT-26, No.6, pp.726–729 (1980)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1992

Authors and Affiliations

  • Tatsuaki Okamoto
    • 1
  • Kazuo Ohta
    • 1
  1. 1.NTT LaboratoricsNippon Telegraph and Telephone CorporationKanagawa-kenJapan

Personalised recommendations