Linkability in Practical Electronic Cash Design

  • Greg Maitland
  • Jason Reid
  • Ernest Foo
  • Colin Boyd
  • Ed Dawson
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1975)


Designing a practical and complete electronic cash scheme has proved difficult. Designs must seek to optimise often conflicting metrics such as efficiency, anonymity, the ability to make exact payments. Gains in one area often result in a loss in one or more other areas. Several schemes have accepted linkability of some payments as a concession to getting the balance right. A point that has not been highlighted is the problem of preventing linking between payments made with different linkable coins. This paper reviews several electronic cash schemes which have the linkability property and concludes that linking across coins is of significant practical concern. Design improvements are suggested along with observations regarding the user’s active role in preserving anonymity.


Smart Card Blind Signature Payment Transaction Electronic Cash Customer Identity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. Security Protocols, 5th International Workshop Proceedings, pages 125–135. Springer-Verlag, 1998.Google Scholar
  2. 2.
    R. Anderson and M. Kuhn. Tamper resistance-a cautionary note. Second USENIX Workshop on Electronic Commerce, pages 1–11, 1996. USENIX.Google Scholar
  3. 3.
    S. Brands. An efficient off-line electronic cash system based on the representation problem. Technical Report CS-R9323, Centrum voor Wiskunde en Informatica (CWI), March 1993.Google Scholar
  4. 4.
    S. Brands. Untraceable off-line cash in wallets with observers. Advances in Cryptology-CRYPTO’93, pages 302–318. Springer-Verlag, 1993.Google Scholar
  5. 5.
    E. Brickell, P. Gemmell, and D. Kravitz. Trustee-based tracing extensions to anonymous cash and the making of anonymous change. Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA’95), pages 457–466, 1995.Google Scholar
  6. 6.
    A. Chan, Y. Frankel, and Y. Tsiounis. Easy come — easy go divisible cash. Advances in Cryptology-EUROCRYPT’98, pages 561–576, Springer-Verlag, 1998.Google Scholar
  7. 7.
    D. Chaum and T. Pedersen. Wallet databases with observers. Advances in Cryptology-CRYPTO’92, pages 89–105. Springer-Verlag, 1993.Google Scholar
  8. 8.
    D. Chaum. Blind signatures for untraceable payments. Advances in Cryptology-CRYPTO’82, pages 199–203. Plenum Press, New York and London, 1983, 23–25 August 1982.Google Scholar
  9. 9.
    T. Eng and T. Okamoto. Single-term divisible electronic coins. Advances in Cryptology-EUROCRYPT’94, pages 306–319. Springer-Verlag, 1995.Google Scholar
  10. 10.
    M. Jakobsson. A practical mix. Advances in Cryptology-EUROCRYPT’98, pages 448–461. Springer-Verlag, 1998.Google Scholar
  11. 11.
    M. Jakobsson and M. Yung. Revokable and versatile electronic money. 3rd ACM Conference on Computer and Communications Security, pages 76–87, 1996. ACM Press.Google Scholar
  12. 12.
    T. Okamoto and K. Ohta. Disposable zero-knowledge authentications and their applications to untraceable electronic cash. Advances in Cryptology-CRYPTO’89, pages 481–496, Springer-Verlag, 1990.Google Scholar
  13. 13.
    T. Okamoto and K. Ohta. Universal electronic cash. Advances in Cryptology-CRYPTO’91, pages 324–337, Springer-Verlag, 1992.Google Scholar
  14. 14.
    T. Okamoto. An efficient divisible electronic cash scheme. Advances in Cryptology-CRYPTO’95, pages 438–451. Springer-Verlag, 1995.Google Scholar
  15. 15.
    B. Pfitzmann and M. Waidner. How to break and repair a “provably secure” untraceable payment system. Advances in Cryptology-CRYPTO’91, pages 338–350, Springer-Verlag, 1992.Google Scholar
  16. 16.
    C. Radu, R. Govaerts, and J. Vandewalle. Efficient electronic cash with restricted privacy. Financial Cryptography: First International Conference, FC’ 97, pages 57–69, 1997. Springer-Verlag.Google Scholar
  17. 17.
    M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. Technical Report 97–15, DIMACS, April 1997.Google Scholar
  18. 18.
    Y. Tsiounis. Efficient Electronic Cash: New Notions and Techniques. PhD thesis, Northeastern University Boston, 1997.Google Scholar
  19. 19.
    A. C. Yao. Protocols for secure computations. 23rd IEEE Symposium on Foundations of Computer Science, pages 160–164. IEEE Press, 1982.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Greg Maitland
    • 1
  • Jason Reid
    • 1
  • Ernest Foo
    • 1
  • Colin Boyd
    • 1
  • Ed Dawson
    • 1
  1. 1.Information Security Research CentreQueensland University of TechnologyBrisbaneAustralia

Personalised recommendations