Retrofitting Fairness on the Original RSA-Based E-cash

  • Shouhuai Xu
  • Moti Yung
Conference paper

DOI: 10.1007/978-3-540-45126-6_4

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2742)
Cite this paper as:
Xu S., Yung M. (2003) Retrofitting Fairness on the Original RSA-Based E-cash. In: Wright R.N. (eds) Financial Cryptography. FC 2003. Lecture Notes in Computer Science, vol 2742. Springer, Berlin, Heidelberg


The notion of fair e-cash schemes was suggested and implemented in the last decade. It balances anonymity with the capability of tracing users and transactions in cases of crime or misbehavior. The issue was raised both, in the banking community and in the cryptographic literature. A number of systems were designed with an off-line fairness, where the tracing authorities get involved only when tracing is needed. However, none of them is based on the original RSA e-cash. Thus, an obvious question is whether it is possible to construct an efficient fair e-cash scheme by retrofitting the fairness mechanism on the original RSA-based scheme. The question is interesting from, both, a practical perspective (since investment has been put in developing software and hardware that implement the original scheme), and as a pure research issue (since retrofitting existing protocols with new mechanisms is, at times, harder than designing solutions from scratch). In this paper, we answer this question in the affirmative by presenting an efficient fair off-line e-cash scheme based on the original RSA-based one.


E-cash Fairness Conditional Anonymity RSA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Shouhuai Xu
    • 1
  • Moti Yung
    • 2
  1. 1.Dept. of Information and Computer ScienceUniversity of California at IrvineUSA
  2. 2.Dept. of Computer ScienceColumbia UniversityUSA

Personalised recommendations