On the Anonymity of Fair Offline E-cash Systems

  • Matthieu Gaud
  • Jacques Traoré
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2742)


Fair off-line electronic cash (FOLC) schemes [5, 29] have been introduced for preventing misuse of anonymous payment systems by criminals. In these schemes, the anonymity of suspicious transactions can be revoked by a trusted authority.

One of the most efficient FOLC system has been proposed by de Solages and Traoré [13] at Financial Cryptography’98. Unfortunately, in their scheme, the security for legitimate users (i.e., anonymity) is not clearly established (i.e., based on a standard assumption).

At Asiacrypt’98, Frankel, Tsiounis and Yung [17] improved the security of [13] by proposing a fair cash scheme for which they prove anonymity under the Decision Diffie-Hellman (DDH) assumption.

In this paper, we show that Frankel et al. failed to prove that their scheme satisfies the anonymity property. We focus here on this security problem and investigate the relationships between different notions of indistinguishability in the context of fair electronic cash. As a result, we prove under the DDH assumption, that a straightforward variant of [13], which is more simple and efficient than [17], is secure for users. This proof relies on the subsequent result of Handschuh, Tsiounis and Yung [19] showing equivalences between general decision and matching problems. Our proof is somewhat generic and can be used to prove that [17] is secure as well.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abe, M., Ohkubo, M.: Provably secure fair blind signatures with tight revocation. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 583–601. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the 1st ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
  3. 3.
    Boneh, D.: The Decision Diffie-Hellman Problem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 48–63. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. 4.
    Brands, S.: Untraceable Off-Line Cash in Wallets with Observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  5. 5.
    Brickell, E., Gemmel, P., Kravitz, D.: Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In: Proceedings of the 6th Annual Symposium on Discrete Algorithm, pp. 457–466 (January 1995)Google Scholar
  6. 6.
    Camenisch, J., Maurer, U., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 33–43. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  7. 7.
    Camenisch, J., Maurer, U., Stadler, M.: Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security 5(1). IOS Press (1997)Google Scholar
  8. 8.
    Camenisch, J., Piveteau, J.M., Stadler, M.: An efficient fair payment system. In: Proceedings of 3rd ACM Conference on Computer and Communications Security, pp. 88–94. ACM Press, New York (1996)Google Scholar
  9. 9.
    Camenisch, J., Stadler, M.: Efficient group signatures for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  10. 10.
    Chaum, D., Pedersen, T.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  11. 11.
    Cramer, R., Pedersen, T.: Improved privacy in wallets with observers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 329–343. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  12. 12.
    Davida, G., Frankel, Y., Tsiounis, Y., Yung, M.: Anonymity Control in E-Cash Systems. In: Luby, M., Rolim, J.D.P., Serna, M. (eds.) FC 1997. LNCS, vol. 1318, pp. 1–16. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  13. 13.
    de Solages, A., Traoré, J.: An Efficient Fair Off-Line Electronic Cash System with Extensions to Checks and Wallets with Observers. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 275–295. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. 14.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory IT-31(4), 469–472 (1985)Google Scholar
  15. 15.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  16. 16.
    Frankel, Y., Tsiounis, Y., Yung, M.: Indirect discourse proofs: achieving fair offline electronic cash. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 244–251. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  17. 17.
    Frankel, Y., Tsiounis, Y., Young, M.: Fair Off-Line e-cash Made Easy. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 257–270. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  18. 18.
    Franklin, M., Yung, M.: Secure and efficient off-line digital money. In: Lingas, A., Carlsson, S., Karlsson, R. (eds.) ICALP 1993. LNCS, vol. 700, pp. 265–276. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  19. 19.
    Handschuh, H., Tsiounis, Y., Yung, M.: Decision oracles are equivalent to Matching oracles. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 276–289. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Jakobsson, M., Yung, M.: Revokable and versatile electronic money. In: Proceedings of 3rd ACM Conference on Computer and Communications Security, pp. 76–87. ACM Press, New York (1996)Google Scholar
  21. 21.
    Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  22. 22.
    Juels, A.: Trustee tokens: simple and practical anonymous digital coin tracing. In: Franklin, M.K. (ed.) FC 1999. LNCS, vol. 1648, pp. 29–45. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  23. 23.
    Kügler, D., Vogt, H.: Off-line payments with auditable tracing. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Meier, L.: Special aspects of escrowed-based e-cash systems, Master’s Thesis, Universit ät des Saarlandes (March 2000)Google Scholar
  25. 25.
    Okamoto, T., Ohta, K.: Divertible Zero-Knowledge Interactive Proofs and Commutative Random Self-Reducibility. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 481–496. Springer, Heidelberg (1990)Google Scholar
  26. 26.
    Pfitzmann, B., Sadeghi, A.-R.: Self-escrowed cash against user blackmailing. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 42–52. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  27. 27.
    Pointcheval, D., Stern, J.: Security proofs for signatures schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  28. 28.
    Schnorr, C.P.: Efficient Signature Generation by Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)MathSciNetCrossRefMATHGoogle Scholar
  29. 29.
    Stadler, M., Piveteau, J.M., Camenisch, J.: Fair Blind Signatures. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 209–219. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  30. 30.
    Traoré, J.: Group signatures and their relevance to privacy-protecting off-line electronic cash systems. In: Pieprzyk, J.P., Safavi-Naini, R., Seberry, J. (eds.) ACISP 1999. LNCS, vol. 1587, pp. 228–243. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  31. 31.
    Tsiounis, Y., Yung, M.: On the security of El Gamal-based encryption. In: Imai, H., Zheng, Y. (eds.) PKC 1998. LNCS, vol. 1431, pp. 117–134. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  32. 32.
    von Solms, S., Naccache, D.: On blind signatures and perfect crimes. Computer & Security 11, 581–583 (1992)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Matthieu Gaud
    • 1
  • Jacques Traoré
    • 1
  1. 1.France Télécom R&DCaenFrance

Personalised recommendations