Anonymity control in E-cash systems
Conference paper First Online: 19 July 2005
Part of the
Lecture Notes in Computer Science
book series (LNCS, volume 1318) Abstract
Electronic cash, and other cryptographic payment systems, offer a level of user anonymity during a purchase, in order to emulate electronically the properties of physical cash exchange. However, it has been noted that there are crime-prevention situations where anonymity of notes is undesirable; in addition there may be regulatory and legal constraints limiting anonymous transfer of funds. Thus pure anonymity of users may be, in certain settings, unacceptable and thus a hurdle to the progress of electronic commerce.
The conceptual contribution of this work is based on the claim that given the legal, social, technical and efficiency constraints that are imposed, anonymity should be treated as a
Control Parameter facilitating flexibility of the level of privacy of note holders (determined by the dynamic conditions and constraints).
In light of this parameterization, we review recently developed technical tools for tracing and anonymity revocation (e.g., owner tracing and coin tracing). We elaborate on the differences in the various technologies with respect to security assumptions and we discuss practical considerations of computational, bandwidth and storage requirements for user, shop, bank and trustees as well as whether the trustees must be on-line or off-line. We also claim that while anonymity revocation can potentially reduce crime it can also produce instances where the severity of the crime is increased as criminals try to social engineer around tracing revocation. To prevent this we suggest the notion of “distress cash.” the technical side, we provide efficiency improvements to a protocol for coin tracing and point at a technical solution for distress cash.
Research performed while at Sandia National Laboratories. This work was performed under U.S. Department of Energy Contract number DE-AC04-76AL85000.
Research performed while at Northeastern University, Boston, MA.
Information Security Committee of the Section on Science American Bar Association and Technology. Draft digital signature guidelines, January 1996. Available online at http://www.state.ut.us/ccii/digsig/dsut-gl.htm The guidelines are currently being revised.
E. F. Brickell, P. Gemmell, and D. Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In
Symposium on Distributed Algorithms (SODA)
, Albuquerque, NM, 1995. Available at http://www.cs.sandia.gov/dsur-psgemme/.
S. Brands. Untraceable off-line cash in wallets with observers. In
Advances in Cryptology-Crypto '93, Proceedings (Lecture Notes in Computer Science 773)
, pages 302–318. Springer-Verlag, 1993. Available at http://www.cwi.nl/ftp/brands/crypto93.ps.Z.
A. Chan, Y. Frankel, P. MacKenzie, and Y. Tsiounis. Mis-representation of identities in e-cash schemes and how to prevent it. In
Advances in Cryptology-Proceedings of Asiacrypt '96 (Lecture Notes in Computer Science 1163)
, pages 276–285, Kyongju, South Korea, November 3–7 1996. Springer-Verlag. Available at http://www.ccs.neu.edu/home/yiannis/pubs.html.
D. Chaum, Amos Fiat, and Moni Naor. Untraceable electronic cash. In
Advances in Cryptology-Crypto '88 (Lecture Notes in Computer Science)
, pages 319–327. Springer-Verlag, 1990.
D. Chaum. Blind signatures for untraceable payments.In D. Chaum, R.L. Rivest, and A. T. Sherman, editors,
Advances in Cryptology. Proc. Crypto'82
, pages 199–203, Santa Barbara, 1983. Plenum Press N. Y.
J. Camenisch, U. Maurer, and M. Stadler. Digital payment systems with passive anonymity-revoking trustees. In
, Italy, 1996. To appear. Available at http://www.inf.ethz.ch/personal/camenisc/publications.html.
D. Chaum and T.P. Pedersen. Transferred cash grows in size. In
Advances in Cryptology-Eurocrypt '92, Proceedings (Lecture Notes in Computer Science 658)
, pages 390–407. Springer-Verlag, 1993.
D. Chaum and T.P. Pedersen. Wallet databases with observers.In E. Brickell, editor,
Advances in Cryptology-Crypto '92, Proceedings (Lecture Notes in Computer Science)
, pages 90–106. Springer-Verlag, New York, 1993. Santa Barbara, California.
R. Cramer and T. Pedersen. Improved privacy in wallets with observers. In
Advances in Cryptology: Eurocrypt '93, Proceedings (Lecture Notes in Computer Science 765)
, pages 329–343. Springer-Verlag, 1993. [CPS96] J. Camenisch, J. M. Piveteau, and M. Stadler. An efficient fair payment system. ACM-CCS, March 1996.
S. D'amingo and G. Di Crescenzo. Methodology for digital money based on general cryptographic tools. In
Advances in Cryptology, Proc. of Eurocrypt '94
, pages 157–170. Springer-Verlag, 1994. Italy, 1994.
T. Eng and T. Okamoto. Single-term divisible electronic coins. In
Advances in Cryptology-Eurocrypt '94, Proceedings
, pages 306–319, New York, 1994. Springer-Verlag.
N. Ferguson. Single term off-line coins. Technical Report CS-119318, CWI (Centre for Mathematics and Computer Science), Amsterdam, 1993. Anonymous ftp: ftp.cwi.nl:/pub/CWlreports/AA/CS-R9318.ps.Z.
A. M. Froomkin. The essential role of trusted third parties in electronic commerce, October 14 1996. Available on-line at http://www.law.cornell.edu/jol/froomkin.html.
A. M. Froomkin.Flood control on the information ocean: living with anonymity, digital cash, and distributed databases, 1996. Available on-line at http://www.law.cornell.edu/jol/froomkin.html.
Y. Frankel, Y. Tsiounis, and M. Yung. Indirect discourse proofs: achieving fair off-line e-cash. In
Advances in Cryptology, Proc. of Asiacrypt '96 (Lecture Notes in Computer Science 1163)
, pages 286–300, Kyongju, South Korea, November 3–7 1996. Springer-Verlag. International patent pending. Available at http://www.ccs.neu.edu/home/yiaimis/pubs.html.
M. Franklin and M. Yung. Secure and efficient off-line digital money. In
Proceedings of the twentieth International Colloquium on Automata, Languages and Programming (ICALP 1993), (Lecture Notes in Computer Sci ence 700)
, pages 265–276. Springer-Verlag, 1993. Lund, Sweden, July 1993.
M. Franklin and M. Yung. Blind weak signature and its applications: Putting non-cryptographic computation to work. In
Advances in Cryptology, Proc. of Eurocrypt 94, (Lecture Notes in Computer Science)
, Springer-Verlag, pages 71–83, Perugia, Italy, May 9–12, 1994.
M. Jakobson and M. Yung. Revokable and versatile e-money. In
Proceedings of the third annual ACM Symp. on Computer and Communication Security
, March 1996.
M. Jakobson and M. Yung. Distributed “magic ink” signatures. In
Proceedings of Eurocrypt 97 (Lecture Notes in Computer Science), Springer-Verlag
L. Law, S. Sabett, and J. Solinas. How to make a mint: the cryptography of anonymous electronic cash. No. 96-10-17, National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 18 1996. For a copy e-mail to 21stCen@ffhsj.com or call at (202) 639-7200. See also the 21st Century Banking Alert page at URL: http://www.ffhsj.com/bancmail/bancpage.html.
D. M'Raihi. Cost-effective payment schemes with privacy regulation. In
Advances in Cryptology. Proc. of Asiacrypt '96 (Lecture Notes in Computer Science 1163)
, Kyongju, South Korea, November 3–7 1996. Springer-Verlag.
T. Okamoto. An efficient divisible electronic cash scheme. In Don Coppersmith, editor,
Advances in Cryptology, Proc. of Crypto '95 (Lecture Notes in Computer Science 963)
, pages 438–451. Springer-Verlag, 1995. Santa Barbara, California, U.S.A., August 27–31.
T. Okamoto and K. Ohta. Universal electronic cash. In
Advances in Cryptology-Crypto '91 (Lecture Notes in Computer Science)
, pages 324–337. Springer-Verlag, 1992.
J. C. Pailles. New protocols for electronic money. In
Proceedings of Ausicrypt '92
, pages 263–274, 1993.
B. Pfitzmann and M. Waidner. How to break and repair a ‘provably secure’ untraceable payment system. In J. Feigenbaum, editor,
Advances in Cryptology, Proc. of Crypto '91 (Lecture Notes in Computer Science 576)
, pages 338–350. Springer-Verlag, 1992.
C. P. Schnorr. Efficient signature generation by smart cards.
Journal of Cryptology
, 4(3):161–174, 1991.
CrossRef Google Scholar
G. J. Simmons. The prisoners' problem and the subliminal channel. In D. Chaum, editor,
Advances in Cryptology. Proc. of Crypto 83
, pages 51–67. Plenum Press N.Y., 1984. Santa Barbara, California, August 1983.
D. Simon. Anonymous communication and anonymous cash. In Neal Koblitz, editor,
Advances in Cryptology, Proc. of Crypto '96 (Lecture Notes in Computer Science 1109)
, pages 61–73, Santa Barbara, California, August 1996. Springer-Verlag.
M. Stadler, J. M. Piveteau, and J. Camenisch. Fair blind signatures. In
Advances in Cryptology, Proc. of Eurocrypt '95
, pages 209–219. Springer-Verlag, 1995.
Utah State. Digital signature act. Utah code ann. tit. 46, ch. 3, 1995. Amended in 1996. Digital Signature Act Amendments, 52nd Leg., Gen. Sess., 1996 Utah Laws 188 (to be codified at Utah Code Ann. tit. 46, ch. 3). History and Current Status are available online at http://www.state.ut.us/ccjj/digsig/dsut-int.htm.
M. Stadler. Publicly verifiable secret sharing. In
Advances in Cryptology, Proc. of Eurocrypt '96
, pages 190–199. Springer-Verlag, 1996.
Efficient Electronic Cash: New Notions and Techniques
. PhD thesis, College of Computer Science, Northeastern University, Boston, MA, 1997. See http://www.ccs.neu.edu/home/yiannis for information on availability.
B. von Solms and D. Naccache. On blind signatures and perfect crimes.
Computers and Security
, 11(6):581–583, October 1992.
CrossRef Google Scholar