Automated Verification of e-Cash Protocols

  • Jannik Dreier
  • Ali KassemEmail author
  • Pascal Lafourcade
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 585)


Electronic cash (e-cash) permits secure e-payments by providing security and anonymity similar to real cash. Several protocols have been proposed to meet security and anonymity properties of e-cash. However, there are no general formal definitions that allow the automatic verification of e-cash protocols. In this paper, we propose a formal framework to define and verify security properties of e-cash protocols. To this end, we model e-cash protocols in the applied \(\pi \)-calculus, and we formally define five relevant security properties. Finally, we validate our framework by analyzing, using the automatic tool ProVerif, four e-cash protocols: the online and the offline Chaum protocols, the Digicash protocol, and the protocol by Petersen and Poupard.


e-Cash Formal verification Double spending Exculpability Privacy Applied \(\pi \)-calculus ProVerif 


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: The 28th Symposium on Principles of Programming Languages, UK, pp. 104–115. ACM (2001)Google Scholar
  2. 2.
    Abe, M., Fujisaki, E.: How to date blind signatures. In: Kim, K.-C., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 244–251. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  3. 3.
    Aboud, S.J., Agoun, A.: Analysis of a known offline e-coin system. Int. J. Comput. Appl. 98(15), 27–30 (2014)Google Scholar
  4. 4.
    Armando, A., et al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW 2014), Canada, pp. 82–96 (2001)Google Scholar
  6. 6.
    Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994). CrossRefGoogle Scholar
  7. 7.
    Canard, S., Gouget, A.: Anonymity in transferable e-cash. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 207–223. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  8. 8.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology: Proceedings of CRYPTO 1982, pp. 199–203. Springer, US (1983)Google Scholar
  9. 9.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  10. 10.
    Cheng, C.Y., Yunus, J., Seman, K.: Estimations on the security aspect of brand’s electronic cash scheme. In: 19th International Conference on Advanced Information Networking and Applications (AINA 2005), Taipei, Taiwan, 28–30 March 2005, pp. 131–134 (2005)Google Scholar
  11. 11.
    Crescenzo, G.D.: A non-interactive electronic cash system. In: Bonuccelli, M.A., Crescenzi, P., Petreschi, R. (eds.) CIAC 1994. LNCS, vol. 778, pp. 109–124. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  12. 12.
    Damgård, I.B.: Payment systems and credential mechanisms with provable security against abuse by individuals. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 328–335. Springer, Heidelberg (1990)CrossRefGoogle Scholar
  13. 13.
    D’Amiano, S., Di Crescenzo, G.: Methodology for digital money based on general cryptographic tools. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 156–170. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  14. 14.
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17, 435–487 (2009). zbMATHGoogle Scholar
  15. 15.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Dreier, J., Kassem, A., Lafourcade, P.: Formal analysis of e-cash protocols. In: Proceedings of the 12th International Conference on Security and Cryptography, SECRYPT 2015, Colmar, Alsace, France, 20–22 July 2015, pp. 65–75 (2015).
  17. 17.
    Fan, C.I., Huang, V.S.M., Yu, Y.C.: User efficient recoverable off-line e-cash scheme with fast anonymity revoking. Math. Comput. Modell. 58(1–2), 227–237 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Ferguson, N.: Single term off-line coins. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 318–328. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  19. 19.
    Kim, S., Oh, H.: A new electronic check system with reusable refunds. Int. J. Inf. Sec. 1(3), 175–188 (2002). CrossRefzbMATHGoogle Scholar
  20. 20.
    Küsters, R., Truderung, T.: Reducing protocol analysis with xor to the xor-free case in the horn theory based approach. J. Autom. Reason. 46(3), 325–352 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Luo, Z., Cai, X., Pang, J., Deng, Y.: Analyzing an electronic cash protocol using applied pi calculus. In: Katz, J., Yung, M. (eds.) ACNS 2007. LNCS, vol. 4521, pp. 87–103. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Ogiela, M.R., Sulkowski, P.: Improved cryptographic protocol for digital coin exchange. In: Soft Computing and Intelligent Systems (SCIS), pp. 1148–1151 (2014)Google Scholar
  23. 23.
    Peterson, H., Poupard, G.: Efficient scalable fair cash with off-line extortion prevention. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334. Springer, Heidelberg (1997)Google Scholar
  24. 24.
    Pfitzmann, B., Schunter, M., Waidner, M.: How to break another “Provably Secure” payment system. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 121–132. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  25. 25.
    Pfitzmann, B., Waidner, M.: How to break and repair a “Provably Secure” untraceable payment system. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 338–350. Springer, Heidelberg (1992)Google Scholar
  26. 26.
    Schoenmakers, B.: Security aspects of the Ecash\(^{\rm TM}\) payment system. In: Preneel, B., Rijmen, V. (eds.) COSIC 1997 Course. LNCS, vol. 1528, pp. 338–352. Springer, Heidelberg (1998)Google Scholar
  27. 27.
    Swe, A.T., Kyaw, K.K.K.: Formal analysis of secure e-cash transaction protocol. In: International Conference on Advances in Engineering and Technology, ICAET 2014, Singapore (2014)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Jannik Dreier
    • 1
    • 2
    • 3
  • Ali Kassem
    • 4
    • 5
    Email author
  • Pascal Lafourcade
    • 6
  1. 1.InriaVillers-lés-NancyFrance
  2. 2.CNRS, Loria, UMR 7503Vandoeuvre-lés-NancyFrance
  3. 3.Université de Lorraine, Loria, UMR 7503Vandoeuvre-lés-NancyFrance
  4. 4.University Grenoble Alpes, VERIMAGGrenobleFrance
  5. 5.Ascola Team (Mines Nantes, Inria, Lina) DAPIÉcole des Mines de NantesNantesFrance
  6. 6.University Clermont Auvergne, LIMOSClermont-FerrandFrance

Personalised recommendations