On the Anonymity of Fair Offline E-cash Systems
Fair off-line electronic cash (FOLC) schemes [5, 29] have been introduced for preventing misuse of anonymous payment systems by criminals. In these schemes, the anonymity of suspicious transactions can be revoked by a trusted authority.
One of the most efficient FOLC system has been proposed by de Solages and Traoré  at Financial Cryptography’98. Unfortunately, in their scheme, the security for legitimate users (i.e., anonymity) is not clearly established (i.e., based on a standard assumption).
At Asiacrypt’98, Frankel, Tsiounis and Yung  improved the security of  by proposing a fair cash scheme for which they prove anonymity under the Decision Diffie-Hellman (DDH) assumption.
In this paper, we show that Frankel et al. failed to prove that their scheme satisfies the anonymity property. We focus here on this security problem and investigate the relationships between different notions of indistinguishability in the context of fair electronic cash. As a result, we prove under the DDH assumption, that a straightforward variant of , which is more simple and efficient than , is secure for users. This proof relies on the subsequent result of Handschuh, Tsiounis and Yung  showing equivalences between general decision and matching problems. Our proof is somewhat generic and can be used to prove that  is secure as well.
Unable to display preview. Download preview PDF.
- 2.Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
- 5.Brickell, E., Gemmel, P., Kravitz, D.: Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In: Proceedings of the 6th Annual Symposium on Discrete Algorithm, pp. 457–466 (January 1995)Google Scholar
- 7.Camenisch, J., Maurer, U., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security 5(1). IOS Press (1997)Google Scholar
- 8.Camenisch, J., Piveteau, J.M., Stadler, M.: An efficient fair payment system. In: Proceedings of 3rd ACM Conference on Computer and Communications Security, pp. 88–94. ACM Press, New York (1996)Google Scholar
- 14.El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31(4), 469–472 (1985)Google Scholar
- 20.Jakobsson, M., Yung, M.: Revokable and versatile electronic money. In: Proceedings of 3rd ACM Conference on Computer and Communications Security, pp. 76–87. ACM Press, New York (1996)Google Scholar
- 24.Meier, L.: Special aspects of escrowed-based e-cash systems, Master’s Thesis, Universit ät des Saarlandes (March 2000)Google Scholar
- 25.Okamoto, T., Ohta, K.: Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducibility. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 481–496. Springer, Heidelberg (1990)Google Scholar