Practical escrow cash systems

  • Eiichiro Fujisaki
  • Tatsuaki Okamoto
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1189)


This paper proposes practical escrow cash schemes with the following properties:
  • The privacy of users is preserved, unless all (or a certain portion) of the trustees collaborate.

  • If all (or a certain portion) of the trustees collaborate (for law enforcement or crime prevention), the collaboration can trace the payment history from the payer's (i.e., criminal's) name, and they can also trace the payer's (i.e., criminal's) name from a payment history.

  • Extortion attacks can be partially technically prevented.

  • Each coin is divisible under an off-line payment condition.


Signature Scheme Crime Prevention Blind Signature Commitment Scheme Blind Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brands, S., “Untraceable Off-line Cash in Wallet with Observers”, Proceedings of Crypto 93, pp. 302–318 (1994).Google Scholar
  2. 2.
    Brands, S., “Restrictive Blinding of Secret-Key Certificates”, Proceedings of Eurocrypt 95, pp. 231–247 (1995).Google Scholar
  3. 3.
    Brickell, E., Gemmell, P., and Kravitz, D., “Trustee-based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change”, Proceedings of SODA95, pp. 457–466.Google Scholar
  4. 4.
    Ben-Or, M., Goldwasser, S., and Wigderson, A., “Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation”, Proceeding of STOC88, pp 11–17.Google Scholar
  5. 5.
    Chaum, D., Crepeau, C., and Damgard, I., “Multiparty Unconditionally Secure Protocol”, Proceeding of STOC88, pp 1–10.Google Scholar
  6. 6.
    Chaum, D., “Untraceable Electronic Mail, Return Address, and Digital Pseudonyms”, Comm. of the ACM, 24, 2, pp. 84–88 (1981).CrossRefGoogle Scholar
  7. 7.
    Chaum, D., “Blind Signatures for Untraceable Payments”, Proceedings of Crypto 92, pp. 199–203. (1992).Google Scholar
  8. 8.
    Chaum, D., “Security without Identification: Transaction Systems to Make Big Brother Obsolete,” Comm. of the ACM, 28, 10, pp. 1030–1044 (1985).CrossRefGoogle Scholar
  9. 9.
    Chaum, D., Fiat, A., and Naor, M., “Untraceable Electronic Cash,” Proceedings of Crypto 88, pp. 319–327 (1990).Google Scholar
  10. 10.
    Camenisch, J., Piveteau, J., and Stadler, M., “Blind Signatures Based on the Discrete Logarithm Problem”, Proceedings of Eurocrypt 94, pp. 428–432 (1994).Google Scholar
  11. 11.
    Camenisch, J., Piveteau, J., and Stadler, M., “An Efficient Fair Payment System”, Proceedings of 3rd ACM Conference on Computer Communications Security (1996).Google Scholar
  12. 12.
    Damgård, I., “Practical and Provably Secure Release of a Secret and Exchange of Signatures,” Proceedings of Eurocrypt 93 (1993).Google Scholar
  13. 13.
    D'amingo, S. and Di Crescenzo, G., “Methodology for Digital Money based on General Cryptographic Tools”, to appear in the Proceedings of Eurocrypt 94.Google Scholar
  14. 14.
    De Santis, A. and Persiano, G., “Communication Efficient Zero-Knowledge Proofs of Knowledge (with Applications to Electronic Cash)” Proceedings of STACS 92, pp. 449–460 (1992).Google Scholar
  15. 15.
    Eng, T. and Okamoto, T. “Single-Term Divisible Coins,” to appear in the Proceedings of Eurocrypt 94.Google Scholar
  16. 16.
    Ferguson, N., “Single Term Off-line Coins”, Proceedings of Eurocrypt 93, pp. 318–328 (1994).Google Scholar
  17. 17.
    Franklin, M. and Yung, M., “Secure and Efficient Off-Line Digital Money”, Proceedings of ICALP 93, pp. 449–460 (1993).Google Scholar
  18. 18.
    Goldwasser, S., Micali, S. and Rivest, R., “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM J. Comput., 17, 2, pp. 281–308 (1988).Google Scholar
  19. 19.
    Goldreich, O., Micali, S. and Wiederson, A., “How to play any mental game”, Proceedings of STOC87, pp. 218–229.Google Scholar
  20. 20.
    Goldreich, O., “Foundations of Cryptography”, Class Notes, Spring 1989.Google Scholar
  21. 21.
    Hayes, B., “Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash,” Proceedings of Auscrypt 90. pp. 294–305 (1990).Google Scholar
  22. 22.
    Okamoto, T., and Ohta, K., “Disposable Zero-Knowledge Authentication and Their Applications to Untraceable Electronic Cash”, Proceedings of Crypto 89, pp. 481–496 (1990).Google Scholar
  23. 23.
    Okamoto, T., and Ohta, K., “Universal Electronic Cash”, Proceedings of Crypto 91, pp. 324–337 (1992).Google Scholar
  24. 24.
    Okamoto, T., “An Efficient Divisible Electronic Cash Scheme”, Proceedings of Crypto 95, pp. 438–451 (1995).Google Scholar
  25. 25.
    Pailles, J.C., “New Protocols for Electronic Money”, Proceedings of Auscrypt 92, pp. 263–274 (1993).Google Scholar
  26. 26.
    Pedersen, T. P., “Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing”, Proceedings of Crypto 91, pp. 129–140 (1992).Google Scholar
  27. 27.
    Shamir, A., “How to share a secret”, Communications of the ACM, v. 24, n.11, Nov 1979, pp. 612–613.Google Scholar
  28. 28.
    Stadler, M., Piveteau, J., and Camenisch, J., “Fair Blind Signature”, Proceedings of Eurocrypt 95, pp. 209–219 (1995).Google Scholar
  29. 29.
    Vaudenay, S., “One-Time Identification with Low Memory,” Eurocodes 92 (1992).Google Scholar
  30. 30.
    von Solms, S., and Naccache, D., “On Blind Signatures and Perfect Crimes”. Computer and Security, 11 (1992) pp 581–583.Google Scholar
  31. 31.
    Yacobi, Y., “Efficient electronic money”, to appear in the Proceedings of Asiacrypt 94.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Eiichiro Fujisaki
    • 1
  • Tatsuaki Okamoto
    • 1
  1. 1.NTT LaboratoriesYokosuka-shiJapan

Personalised recommendations