“Indirect discourse proofs”: Achieving efficient Fair Off-Line e-cash

  • Yair Frankel
  • Yiannis Tsiounis
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)


Cryptography has been instrumental in reducing the involvement of over-head third parties in protocols. For example; a digital signature scheme assures a recipient that a judge who is not present at message transmission will nevertheless approve the validity of the signature. Similarly, in off-line electronic cash the bank (which is off-line during a purchase) is assured that if a user double spends he will be traced.

Here we suggest the notion of Indirect Discourse Proofs with which one can prove indirectly yet efficiently that a third party has a certain future capability (i.e., assure Trustees can trace). The efficient proofs presented here employ algebraic properties of exponentiation (or functions of similar homomorphic nature).

Employing this idea we present the concept of “Fair Off-Line e-Cash” (FOLC) system which enables tracing protocols for identifying either the coin or its owner. Recently, the need to trace and identify coins with owners/withdrawals was identified (to avoid blackmailing and money laundering). Previous solutions that assured this traceability (called fair e-cash as they balance the need for anonymity and the prevention of criminal activities) involved third parties at money withdrawals. In contrast, FOLC keeps any third party uninvolved, thus it is “fully off-line e-cash” even when law enforcement is added (i.e., it is off-line w.r.t. law enforcement at withdrawals and off-line w.r.t. the bank at payments).


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BGK95]
    E. F. Brickell, P. Gemmell, and D. Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Symposium on Distributed Algorithms (SODA), 1995.Google Scholar
  2. [Bra93a]
    S. Brands. An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, CWI (Centre for Mathematics and Computer Science), Amsterdam, 1993.Google Scholar
  3. [Bra93b]
    S. Brands. Untraceable off-line cash in wallets with observers. In Advances in Cryptology — Crypto '93, Proceedings (Lecture Notes in Computer Science 773), pages 302–318. Springer-Verlag, 1993.Google Scholar
  4. [CEvdGP87]
    D. Chaum, J.-H. Evertse, J. van de Graaf, and R. Peralta. Demonstrating possession of a discrete logarithm without revealing it. In Advances in Cryptology. Proc. of Crypto '86 (Lecture Notes in Computer Science 263), pages 200–212. Springer-Verlag, 1987.Google Scholar
  5. [CF85]
    J. C. Benaloh (Cohen) and M.J. Fischer. A robust and verifiable cryptographically secure election scheme. Symp. on Foundations of Computer Science (FOCS), 1985.Google Scholar
  6. [CFN90]
    D. Chaum, Amos Fiat, and Moni Naor. Untraceable electronic cash. In Advances in Cryptology — Crypto '88 (Lecture Notes in Computer Science), pages 319–327. Springer-Verlag, 1990.Google Scholar
  7. [E1G85]
    T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inform. Theory, 31:469–472, 1985.CrossRefGoogle Scholar
  8. [Fer93a]
    N. Ferguson. Extensions of single term off-line coins. In Advances in Cryptology — CRYPTO '93, (Lecture Notes in Computer Science 773), pages 292–301. Springer-Verlag, 1993.Google Scholar
  9. [Fer93b]
    N. Ferguson. Single term off-line coins. In Advances in Cryptology — EUROCRYPT '93, (Lecture Notes in Computer Science 765), pages 318–328. Springer-Verlag, 1993.Google Scholar
  10. [FY93]
    M. Franklin and M. Yung. Secure and efficient off-line digital money. In Proceedings of the 20-th International Colloquium on Automata, Languages and Programming (ICALP 1993), (Lecture Notes in Computer Science 700), pages 265–276. Springer-Verlag, 1993. Lund, Sweden, July 1993.Google Scholar
  11. [GM84]
    S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28(2):270–299, April 1984.CrossRefGoogle Scholar
  12. [IR89]
    R. Impagliazzo and S. Rudich. Limits on the provable consequences of one-way permutations. In Proceedings of the 21-st ACM Symp. Theory of Computing, STOC, pages 44–61, May 15–17 1989.Google Scholar
  13. [JY96]
    M. Jakobson and M. Yung. Revokable and versatile e-money. In Proceedings of the third ACM Symp. on Computer and Communication Security, 1996.Google Scholar
  14. [Oka95]
    T. Okamoto. An efficient divisible electronic cash scheme. In Advances in Cryptology, Proc. of Crypto '95 (Lecture Notes in Computer Science 963), pages 438–451. Springer-Verlag, 1995.Google Scholar
  15. [OO92]
    T. Okamoto and K. Ohta. Universal electronic cash. In Advances in Cryptology — Crypto '91 (Lecture Notes in Computer Science), pages 324–337. Springer-Verlag, 1992.Google Scholar
  16. [PS96]
    D. Pointcheval and J. Stern. Security proofs for signature schemes. In U. Maurer, editor, Advances in Cryptology, Proc. of Eurocrypt '96, pages 387–398. Springer-Verlag, 1996. Zaragoza, Spain, May 11–16.Google Scholar
  17. [ref96]
    Annonymous referee, 1996. Asiacrypt '96 program committee comment.Google Scholar
  18. [Sch91]
    C. P. Schnorr. Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161–174, 1991.CrossRefGoogle Scholar
  19. [Sha49]
    C. E. Shannon. Communication theory of secrecy systems. Bell System Techn. Jour., 28:656–715, October 1949.Google Scholar
  20. [SPC95]
    M. Stadler, J. M. Piveteau, and J. Camenisch. Fair blind signatures. In Advances in Cryptology, Proc. of Eurocrypt '95, pages 209–219. Springer-Verlag, 1995.Google Scholar
  21. [Sta96a]
    M. Stadler, 1996. Personal communication.Google Scholar
  22. [Sta96b]
    M. Stadler. Publicly verifiable secret sharing. In Advances in Cryptology, Proc. of Eurocrypt '96, pages 190–199. Springer-Verlag, 1996.Google Scholar
  23. [vSN92]
    B. von Solms and D. Naccache. On blind signatures and perfect crimes. Computers and Security, 11(6):581–583, October 1992.CrossRefGoogle Scholar
  24. [Yac95]
    Y. Yacobi. Efficient electronic money. In J. Pieprzyk and R. Safavi-Naini, editors, Advances in Cryptology, Proc. of Asiacrypt '94 (Lecture Notes in Computer Science 917), pages 153–163. Springer-Verlag, 1995. Wollongong, Australia, Nov. 28–Dec. 1.Google Scholar

Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • Yair Frankel
    • 1
  • Yiannis Tsiounis
    • 2
  • Moti Yung
    • 3
  1. 1.Sandia National LaboratoriesAlbquerque
  2. 2.College of Computer ScienceNortheastern UniversityBoston
  3. 3.IBM T.J. Watson Research CenterUSA

Personalised recommendations