Flow Control: A New Approach for Anonymity Control in Electronic Cash Systems
Anonymity features of electronic payment systems are im- portant for protecting privacy in an electronic world. However, complete anonymity prevents monitoring financial transactions and following the money trail, which are important tools for fighting serious crimes. To solve these type of problems several “escrowed cash” systems, that allow a “Trustee” to trace electronic money, were suggested. In this paper we suggest a completely different approach to anonymity control based on the fact that law enforcement is mainly concerned with large anonymous electronic payments. We describe a payment system that effectively lim- its the amount of money a user can spend anonymously in a given time frame. To achieve this we describe a technique to make electronic money strongly non-transferable. Our payment system protects the privacy of the honest user who plays by the rules, while introducing significant hurdles for several criminal abuses of the system.
KeywordsSmart Card Signature Scheme Payment System Money Laundering Blind Signature
Unable to display preview. Download preview PDF.
- 1.S. Brands An efficient off-line electronic cash system based on the representation problem. In 246. Centrum voor Wiskunde en Informatica (CWI), ISSN 0169-118X, December 31 1993. AA (Department of Algorithmics and Architecture), CS-R9323, URL=http://ftp.cwi.nl/pub/CWIreports/AA/CS-R9323.ps.Z.
- 2.S. Brands Untraceable off-line cash in wallet with observers. In Douglas R. Stinson, editor, Crypto 93, volume 773 of LNCS, pages 302–318. SV, 1993.Google Scholar
- 3.Ernie Brickell, Peter Gemmell, and David Kravitz Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA’95), pages 457–466. Sandia National Labs, January 1995.Google Scholar
- 4.J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. Lecture Notes in Computer Science, 1146:33, 1996.Google Scholar
- 6.I. Damgard Payment systems and credential mechanisms with provable security against abuse by individuals. In S. Goldwasser, editor, Crypto 88, LNCS, pages 328–335, Santa Barbara, CA, USA, August 1990. SV.Google Scholar
- 8.G. Davida, Y. Frankel, Y. Tsiounis, and Moti Yung Anonymity control in E-cash systems. In Rafael Hirschfeld, editor, Financial Cryptography: First International Conference, FC’ 97, volume 1318 of Lecture Notes in Computer Science, pages 1–16, Anguilla, British West Indies, 24-28 February 1997. Springer-Verlag.Google Scholar
- 9.C. Dwork, J. Lotspiech, and M. Naor Digitalsignets: Self-enforcing protection of digital information. In Proceedings of The Twenty-Eighth Annual ACM Symposium On The Theory Of Computing (STOC’ 96), pages 489–498, New York, USA, May 1996. ACM Press.Google Scholar
- 10.O. Goldreich, S. Micali, and A. Wigderson How to play ANY mental game. In Alfred Aho, editor, Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pages 218–229, New York City, NY, May 1987. ACM Press.Google Scholar
- 12.M. Jakobsson and D. M’Raihi Mix-based electronic payments. In Fifth Annual Workshop on Selected Areas in Cryptography, 1998.Google Scholar
- 13.M. Jakobsson and M. Yung Revokable and versatile electronic mony. In Clifford Neuman, editor, 3rd ACM Conference on Computer and Communications Security, pages 76–87, New Delhi, India, March 1996. ACM Press.Google Scholar
- 14.A. Juels, M. Luby, and R. Ostrovsky Security of blind digital signatures. In CRYPTO: Proceedings of Crypto, 1997.Google Scholar
- 15.R.C. Molander, D.A. Mussington, and P. Wilson. Cyberpayments and money laundering. RAND, 1998. http://www.rand.org/publications/MR/MR965/MR965.pdf/.
- 16.S. Morris Contribution to the panel “a session on electronic money: Threat to law enforcement, privacy, freedom, or all three? ” at the sixth conference on computers, freedom, and privacy (cfp96), cambridge, ma. available as RealAudio document at http://swissnet.ai.mit.edu/ switz/cfp96/plenary-money.html, 1996.
- 18.T. Okamoto and K. Ohta.Disposable zero-knowledge authentications and their applications to untraceable electronic cash. In Advances in Cryptology: CRYPTO’ 89, pages 481–497, Berlin, August 1990. Springer.Google Scholar
- 19.T. Okamoto and K. Ohta Universal electronic cash. In Joan Feigenbaum, editor, Proceedings of Advances in Cryptology (CRYPTO’ 91), volume 576 of LNCS, pages 324–337, Berlin, Germany, August 1992. Springer.Google Scholar
- 20.B. Pfitzmann and M. Waidner How to break and repair a “provably secure” untraceable payment system. In Joan Feigenbaum, editor, Proceedings of Advances in Cryptology (CRYPTO’ 91), volume 576 of LNCS, pages 338–350, Berlin, Germany, August 1992. Springer.Google Scholar
- 21.D. Pointcheval and J. Stern Security proofs for signature schemes. In Ueli Maurer, editor, Advances in Cryptology-EUROCRYPT 96, volume 1070 of Lecture Notes in Computer Science, pages 387–398. Springer-Verlag, 12-16 May 1996.Google Scholar
- 22.T. Sander and A. Ta-Shma Auditable, counterfeiting resistant electronic cash. In preparation.Google Scholar
- 24.Paul F. Syverson, Stuart G. Stubblebine, and David M. Goldschlag Unlinkable serial transactions. In Rafael Hirschfeld, editor, Financial Cryptography:First International Conference, FC’ 97, volume 1318 of Lecture Notes in Computer Science, pages 39–55, Anguilla, British West Indies, 24-28 February 1997. Springer-Verlag.Google Scholar
- 26.A. Yao How to generate and exchange secrets. In 27th Annual Symposium on Foundations of Computer Science, pages 162–167, Los Angeles, Ca., USA, October 1986. IEEE Computer Society Press.Google Scholar