Unlinkable Divisible Electronic Cash
Recently, some divisible electronic cash (e-cash) systems have been proposed. However, in existing divisible e-cash systems, efficiency or unlinkability is not sufficiently accomplished. In the existing efficient divisible cash systems, all protocols are conducted in the order of the polynomial of logN where N is the divisibility precision (i.e., (the total coin amount)/ (minimum divisible unit amount)), but payments divided from a coin are linkable (i.e., anyone can decide whether the payments are made by the same payer). The linked payments help anyone to trace the payer, if N is large. On the other hand, in the existing unlinkable divisible e-cash system, the protocols are conducted in the order of the polynomial of N, and thus it is inefficient for large N. In this paper, an unlinkable divisible e-cash system is proposed, where all protocols are conducted in the order of (logN)2.
KeywordsElectronic cash Divisibility Unlinkability Group signature
Unable to display preview. Download preview PDF.
- 1.Pfitzmann, B. and Waidner, M.: How to Break and Repair a “Provably Secure” Untraceable Payment System, Advances in Cryptology-CRYPTO’91, LNCS 576, Springer-Verlag, pp. 338–350 (1992).Google Scholar
- 2.Okamoto, T.: An Efficient Divisible Electronic Cash Scheme, Advances in Cryptology-CRYPTO’95, LNCS 963, Springer-Verlag, pp. 438–451 (1995).Google Scholar
- 4.Nakanishi, T., Haruna, N. and Sugiyama, Y.: Unlinkable Electronic Coupon Protocol with Anonymity Control, Proc. of Second International Information Security Workshop, ISW’99, LNCS 1729, Springer-Verlag, pp. 37–46 (1999).Google Scholar
- 5.Fujisaki, E. and Okamoto, T.: Practical Escrow Cash Schemes, IEICE trans. on Fundamentals., Vol. E81-A, No. 1, pp. 11–19 (1998).Google Scholar
- 7.Frankel, Y. D. Y.: Threshold Cryptosystems, Advances in Cryptology-CRYPTO’89, LNCS 435, Springer-Verlag, pp. 307–315 (1990).Google Scholar
- 9.Fiat, A. and Shamir, A.: How To Prove Yourself: Practical Solutions to Identification and Signature Problems, Advances in Cryptology-CRYPTO’ 86, LNCS 263, Springer-Verlag, pp. 186–194 (1987).Google Scholar
- 10.Bellare, M. and Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, Proc. of First Annual Conference on Computer and Communications Security, Association for Computing Machinery, pp. 62–73 (1993).Google Scholar
- 11.Stadler, M.: Publicly Verifiable Secret Sharing, Advances in Cryptology-EU-ROCRYPT’96, LNCS 1070, Springer-Verlag, pp. 190–199 (1996).Google Scholar
- 12.ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms, Advances in Cryptology-CRYPTO’84, LNCS 196, Springer-Verlag, pp. 10–18 (1985).Google Scholar
- 13.Chaum, D.: Blind Signatures for Untraceable Payments, Advances in Cryptology: Proceedings of CRYPTO’ 82, Plenum Press, pp. 199–203 (1983).Google Scholar