“Indirect discourse proofs”: Achieving efficient Fair Off-Line e-cash
Cryptography has been instrumental in reducing the involvement of overhead third parties in protocols. For example, a digital signature scheme assures a recipient that a judge who is not present at message transmission will nevertheless approve the validity of the signature. Similarly, in off-line electronic cash the bank (which is off-line during a purchase) is assured that if a user double-spends, he will be traced.
Here we suggest the notion of Indirect Discourse Proofs, with which one can prove indirectly yet efficiently that a third party has a certain future capability (i.e., assure that Trustees can trace). The efficient proofs presented here employ algebraic properties of exponentiation (or functions of similar homomorphic nature).
Employing this idea, we present the concept of a “Fair Off-Line e-Cash” (FOLC) system, which enables tracing protocols for identifying either the coin or its owner. Recently, the need to trace and identify coins with owners/withdrawals was identified (to avoid blackmailing and money laundering). Previous solutions that assured this traceability (called fair e-cash, as they balance the need for anonymity and the prevention of criminal activities) involved third parties at money withdrawals. In contrast, FOLC keeps any third party uninvolved; thus it is “fully off-line e-cash” even when law enforcement is added (i.e., it is off-line w.r.t. law enforcement at withdrawals and off-line w.r.t. the bank at payments).