Abstract
Recently, several “divisible” untraceable off-line electronic cash schemes have been presented [8, 11, 19, 20]. This paper presents the first practical “divisible” untraceable¹ off-line cash scheme that is “single-term”² in which every procedure can be executed in the order of log N, where N is the precision of divisibility, i.e., N = (the total coin value)/(minimum divisible unit value). Therefore, our “divisible” off-line cash scheme is more efficient and practical than the previous schemes. For example, when N = 2^17 (e.g., the total value is about $1000, and the minimum divisible unit is 1 cent), our scheme requires only about 1 Kbyte of data to be transferred from a customer to a shop for one payment and about 20 modular exponentiations for one payment, while all previous divisible cash schemes require more than several Kbytes of transferred data and more than 200 modular exponentiations for one payment.
In addition, we prove the security of the proposed cash scheme under some cryptographic assumptions. Our scheme is the first “practical divisible” untraceable off-line cash scheme whose cryptographic security assumptions are theoretically clarified.
¹ Note that coins divided from the same coin can be linked to each other in the proposed scheme, although they are anonymous, i.e., “untraceable” from the customer’s identity. In other words, the unlinkability among divided coins is not satisfied, although the untraceability is satisfied.
² In the first generation of the practical off-line cash schemes [5, 16, 18, 19, 20], the cut-and-choose method is used, in which cash consists of many terms of the same form (e.g., 40 terms). A “single-term” cash scheme [2, 11, 12] means a practical cash scheme in which the cut-and-choose method is not used and cash consists of a single term. The basic idea of “single-term” is from [13], but the technique to realize the “single-term” property is specific to each scheme [2, 11, 12].
References
[1] Blum, M., “Coin flipping by telephone”, IEEE, COMPCON, pp.133–137 (1982).
[2] Brands, S., “Untraceable Off-line Cash in Wallet with Observers”, Proceedings of Crypto 93, pp.302–318 (1994).
[3] Bleumer, G., Pfitzmann, B. and Waidner, M., “A Remark on a Signature Scheme Where Forgery can be Proved”, Proceedings of Eurocrypt 90, pp.441–445 (1991).
[4] Chaum, D., “Security without Identification: Transaction Systems to Make Big Brother Obsolete,” Comm. of the ACM, 28,10, pp.1030–1044 (1985).
[5] Chaum, D., Fiat, A., and Naor, M., “Untraceable Electronic Cash,” Proceedings of Crypto 88, pp.319–327 (1990).
[6] Chaum, D., van Heijst, E., and Pfitzmann, B., “Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer,” Proceedings of Crypto 91, pp.470–484 (1992).
[7] Damgård, I., “Practical and Provably Secure Release of a Secret and Exchange of Signatures,” Proceedings of Eurocrypt 93 (1993).
[8] D’Amiano, S. and Di Crescenzo, G., “Methodology for Digital Money based on General Cryptographic Tools”, to appear in the Proceedings of Eurocrypt 94.
[9] De Santis, A. and Persiano, G., “Communication Efficient Zero-Knowledge Proofs of Knowledge (with Applications to Electronic Cash)”, Proceedings of STACS 92, pp.449–460 (1992).
[10] Even, S., Goldreich, O. and Yacobi, Y., “Electronic Wallet”, Proceedings of Crypto 83, pp.383–386 (1983).
[11] Eng, T. and Okamoto, T., “Single-Term Divisible Coins,” to appear in the Proceedings of Eurocrypt 94.
[12] Ferguson, N., “Single Term Off-line Coins”, Proceedings of Eurocrypt 93, pp.318–328 (1994).
[13] Franklin, M. and Yung, M., “Secure and Efficient Off-Line Digital Money”, Proceedings of ICALP 93, pp.449–460 (1993).
[14] Goldreich, O., Goldwasser, S., and Micali, S., “How to Construct Random Functions,” Journal of ACM, Vol.33, No.4 (1986).
[15] Goldwasser, S., Micali, S. and Rivest, R., “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM J. Comput., 17,2, pp.281–308 (1988).
[16] Hayes, B., “Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash,” Proceedings of Auscrypt 90, pp.294–305 (1990).
[17] Knuth, D.E., The Art of Computer Programming, Vol.2, 2nd Ed., Addison-Wesley (1981).
[18] Okamoto, T., and Ohta, K., “Disposable Zero-Knowledge Authentication and Their Applications to Untraceable Electronic Cash”, Proceedings of Crypto 89, pp.481–496 (1990).
[19] Okamoto, T., and Ohta, K., “Universal Electronic Cash”, Proceedings of Crypto 91, pp.324–337 (1992).
[20] Pailles, J.C., “New Protocols for Electronic Money”, Proceedings of Auscrypt 92, pp.263–274 (1993).
[21] Pedersen, T. P., “Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing”, Proceedings of Crypto 91, pp.129–140 (1992).
[22] Pfitzmann, B. and Waidner, M., “How to Break and Repair a “Provably Secure” Untraceable Payment System,” Proceedings of Crypto 91 (1992).
[23] Rabin, M.O., “Digitalized Signatures and Public-Key Functions as Intractable as Factorization,” Tech. Rep., MIT/LCS/TR-212, MIT Lab. Comp. Sci., (1979).
[24] Vaudenay, S., “One-Time Identification with Low Memory,” Eurocodes 92 (1992).
[25] Yacobi, Y., “Efficient electronic money”, to appear in the Proceedings of Asiacrypt 94.
© 1995 Springer-Verlag Berlin Heidelberg
Okamoto, T. (1995). An Efficient Divisible Electronic Cash Scheme. In: Coppersmith, D. (eds) Advances in Cryptology — CRYPTO ’95. CRYPTO 1995. Lecture Notes in Computer Science, vol 963. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44750-4_35
DOI: https://doi.org/10.1007/3-540-44750-4_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60221-7
Online ISBN: 978-3-540-44750-4
eBook Packages: Springer Book Archive