Amortized E-Cash

  • Moses Liskov
  • Silvio Micali
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2339)


We present an e-cash scheme which provides a trade-off between anonymity and efficiency, by amortizing the cost of zero-knowledge and signature computation in the cash generation phase.

Our work solves an open problem of Okamoto in divisible e-cash. Namely, we achieve results similar to those of Okamoto, but (1) based on traditional complexity assumptions (rather than ad hoc ones), and (2) within a much crisper definitional framework that highlights the anonymity properties, and (3) in a simple fashion.


Signature Scheme Blind Signature Modular Exponentiation Blind Signature Scheme Digital Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. Brands. Untraceable off-line cash in wallet with observers. In Advances in Cryptology— CRYPTO’93, 1993.Google Scholar
  2. 2.
    M. Blum, A. De Santis, S. Micali, and G. Persiano. Noninteractive Zero-Knowledge. In SIAM Journal on Computing 20(6): pp. 1084–1118, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    E. Brickell, P. Gemmell, and D. Kravitz. Trustee-Based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change. In Proceedings of SODA’ 95, 1995.Google Scholar
  4. 4.
    A. Beimel, T. Malkin, and S. Micali. The All-or-Nothing Nature of Two-Party Secure Computation. In Advances in Cryptology: Crypto’99, 1999.Google Scholar
  5. 5.
    D. Chaum. Blind Signatures for Untraceable Payments. In Advances in Cryptology: Crypto’82, 1983.Google Scholar
  6. 6.
    J. Camenisch, U. Maurer, and M. Stadler. Digital Payment Systems with Passive Anonymity-Revoking Trustees. In Lecture Notes in Computer Science vol. 1146, 1996.Google Scholar
  7. 7.
    J. Camenisch, J. Piveteau, and M. Stadler. Fair Blind Signatures. In Proceedings of EuroCrypt’95, 1995.Google Scholar
  8. 8.
    S. D’amingo and G. Di Crescenzo. Methodology for Digital Money based on General Cryptographic Tools. In Advances in Cryptology: Eurocrypt’94, 1994.Google Scholar
  9. 9.
    G. Davida, Y. Frankel, Y. Tsionnis, and M. Yung. Anonymity Control in Electronic Cash Systems. In Proceedings of 1st Financial Crypto, 1997.Google Scholar
  10. 10.
    T. Eng and T. Okamoto. Single-Term Divisible Coins In Advances in Cryptology: Eurocrypt’94, 1994.Google Scholar
  11. 11.
    E. Fujisaki and T. Okamoto. Practical Escrow Cash System. In Lecture Notes in Computer Science vol. 1189, 1997.Google Scholar
  12. 12.
    A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology: Crypto’86, 1986.Google Scholar
  13. 13.
    O. Goldreich, L. Levin. A hard-core predicate for all one-way functions. In Proceedings of the Twenty-First Annual ACM Symposium on Theory of Computing, 1989.Google Scholar
  14. 14.
    S. Goldwasser, M. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. In SIAM Journal on Computing 18, pp. 186–208, 1989. Preliminary version in Proceedings of STOC’85, 1985.zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen-message addatcks. In SIAM Journal on Computing 17(2), pp. 21–25, 1988.CrossRefMathSciNetGoogle Scholar
  16. 16.
    O. Goldreich, S. Micalia, and A. Wigderson. Proofs that yield nothing but their validity, or all languages in NP have zero-knowledge proof systems. In Journal of the ACM, 38(3), pp. 691–729, 1991.zbMATHCrossRefGoogle Scholar
  17. 17.
    Louis Claude Guillou and Jean-Jacques Quisquater. A “paradoxical” indentity-based signature scheme resulting from zero-knowledge. In Advances in Cryptology: Cyrpto’88, 1988.Google Scholar
  18. 18.
    M. Jakobsson and J. Muller. Improved Magic Ink Signatures Using Hints. In Proceedings of Financial Crypto’99, 1999.Google Scholar
  19. 19.
    M. Jakobsson and M. Yung. Revokable and Versatile Electronic Money. In 3rd ACM Conference on Computer and Communications Security, 1996.Google Scholar
  20. 20.
    E. Mohammed, A.-E. Emarah, and K. El-Shennaway. A Blind Signature Scheme Based on ElGamal Signature. In Proceedings of the Seventeenth National Radio Science Conference, 17th NRSC 2000, 2000.Google Scholar
  21. 21.
    Silvio Micali. A secure and efficient digital signature algorithm. Technical Report MIT/LCS/TM-501, Massachusetts Institute of Technology, Cambridge, MA, March 1994.Google Scholar
  22. 22.
    R. Molender, D. Mussington, and P. Wilson. Cyberpayments and Money Laundering: Problems and Promise. Document MR-965-OSTP/FinCEN, 1998. Available at
  23. 23.
    R. Merkle. Protocls for Public Key Cryptosystems. In Proceedings of the 1980 Symposium on Security and Privacy, 1980.Google Scholar
  24. 24.
    D. M’Raihi. Cost-Effective Payment Schemes with Privacy Regulation. In Proceedings of ASIACRYPT’96, 1996.Google Scholar
  25. 25.
    D. Naccache and S. von Solms. On Blind Signatures and Perfect Crimes. In Computation and Security, 1992.Google Scholar
  26. 26.
    T. Okamoto. An Efficient Divisible Electronic Cash Scheme. In Advances in Cryptology: Crypto’95, 1995.Google Scholar
  27. 27.
    K. Ohta and T. Okamoto. Universal Electronic Cash. In Advances in Cryptology: Crypto’91, 1992.Google Scholar
  28. 28.
    J.C. Pailles. New Protocols for Electronic Money In Proceedings of Auscrypt’92, 1993.Google Scholar
  29. 29.
    H. Peterson and G. Poupad. Efficient Scalable Fair Cash with Offline Extortion Protection. In Lecture Notes in Computer Science vol. 1334, 1997.Google Scholar
  30. 30.
    C.P. Schnorr. Efficient Identification and Signatures for Smart Cards. In Advances in Cryptology: EUROCRYPT’89, 1989.Google Scholar
  31. 31.
    T. Sander and A. Ta-Shma. Auditable, Anonymous Electronic Cash Extended Abstract In Advances in Cryptology: Crypto’99, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Moses Liskov
    • 1
  • Silvio Micali
    • 2
  1. 1.MIT Laboratory for Computer ScienceUSA
  2. 2.MIT Laboratory for Computer ScienceUSA

Personalised recommendations