Unlinkable Divisible Electronic Cash

  • Toru Nakanishi
  • Yuji Sugiyama
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1975)


Recently, some divisible electronic cash (e-cash) systems have been proposed. However, in existing divisible e-cash systems, efficiency or unlinkability is not sufficiently accomplished. In the existing efficient divisible cash systems, all protocols are conducted in the order of the polynomial of logN where N is the divisibility precision (i.e., (the total coin amount)/ (minimum divisible unit amount)), but payments divided from a coin are linkable (i.e., anyone can decide whether the payments are made by the same payer). The linked payments help anyone to trace the payer, if N is large. On the other hand, in the existing unlinkable divisible e-cash system, the protocols are conducted in the order of the polynomial of N, and thus it is inefficient for large N. In this paper, an unlinkable divisible e-cash system is proposed, where all protocols are conducted in the order of (logN)2.


Electronic cash Divisibility Unlinkability Group signature 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Pfitzmann, B. and Waidner, M.: How to Break and Repair a “Provably Secure” Untraceable Payment System, Advances in Cryptology-CRYPTO’91, LNCS 576, Springer-Verlag, pp. 338–350 (1992).Google Scholar
  2. 2.
    Okamoto, T.: An Efficient Divisible Electronic Cash Scheme, Advances in Cryptology-CRYPTO’95, LNCS 963, Springer-Verlag, pp. 438–451 (1995).Google Scholar
  3. 3.
    Chan, A., Frankel, Y. and Tsiounis, Y.: Easy Come-Easy Go Divisible Cash, Advances in Cryptology-EUROCRYPT’98, LNCS 1403, Springer-Verlag, pp. 561–575 (1998).CrossRefGoogle Scholar
  4. 4.
    Nakanishi, T., Haruna, N. and Sugiyama, Y.: Unlinkable Electronic Coupon Protocol with Anonymity Control, Proc. of Second International Information Security Workshop, ISW’99, LNCS 1729, Springer-Verlag, pp. 37–46 (1999).Google Scholar
  5. 5.
    Fujisaki, E. and Okamoto, T.: Practical Escrow Cash Schemes, IEICE trans. on Fundamentals., Vol. E81-A, No. 1, pp. 11–19 (1998).Google Scholar
  6. 6.
    von Solms, S. and Naccache, D.: On Blind Signatures and Perfect Crimes, Computers and Security, Vol. 11, No. 6, pp. 581–583 (1992).CrossRefGoogle Scholar
  7. 7.
    Frankel, Y. D. Y.: Threshold Cryptosystems, Advances in Cryptology-CRYPTO’89, LNCS 435, Springer-Verlag, pp. 307–315 (1990).Google Scholar
  8. 8.
    Camenisch, J. and Stadler, M.: Efficient Group Signature Schemes for Large Groups, Advances in Cryptology-CRYPTO’97, LNCS 1294, Springer-Verlag, pp. 410–424 (1997).CrossRefGoogle Scholar
  9. 9.
    Fiat, A. and Shamir, A.: How To Prove Yourself: Practical Solutions to Identification and Signature Problems, Advances in Cryptology-CRYPTO’ 86, LNCS 263, Springer-Verlag, pp. 186–194 (1987).Google Scholar
  10. 10.
    Bellare, M. and Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols, Proc. of First Annual Conference on Computer and Communications Security, Association for Computing Machinery, pp. 62–73 (1993).Google Scholar
  11. 11.
    Stadler, M.: Publicly Verifiable Secret Sharing, Advances in Cryptology-EU-ROCRYPT’96, LNCS 1070, Springer-Verlag, pp. 190–199 (1996).Google Scholar
  12. 12.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms, Advances in Cryptology-CRYPTO’84, LNCS 196, Springer-Verlag, pp. 10–18 (1985).Google Scholar
  13. 13.
    Chaum, D.: Blind Signatures for Untraceable Payments, Advances in Cryptology: Proceedings of CRYPTO’ 82, Plenum Press, pp. 199–203 (1983).Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Toru Nakanishi
    • 1
  • Yuji Sugiyama
    • 1
  1. 1.Department of Communication Network EngineeringFaculty of Engineering, Okayama UniversityOkayamaJapan

Personalised recommendations