Trustee Tokens: Simple and Practical Anonymous Digital Coin Tracing
We introduce a trustee-based tracing mechanism for anony- mous digital cash that is simple, efficient, and provably secure relative to its underlying cryptographic primitives. In contrast to previous schemes, ours may be built on top of a real-world anonymous cash system, such as the DigiCashTM system, with minimal modification to the underlying protocols. In addition, our scheme involves no change to the structure of the coins. On the other hand, our scheme requires user interaction with a trustee, while many other such systems do not. This interaction occurs infrequently, however, and is efficient both in terms of computation and storage requirements. Our scheme also achieves more limited security guarantees in the presence of malicious trustees than many other sys- tems do. While this is a disadvantage, it represents a tradeoff enabling us to achieve the high level of practicality of our system.
Keywordsanonymity blind digital signatures coin tracing digital cash e-cash trustee-based coin tracing
Unable to display preview. Download preview PDF.
- 1.Digicash, Inc. Web site. http://www.DigiCash.com, 1998.
- 2.D. Chaum Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology-CRYPTO’ 82, pages 199–203.Plemum,1982.Google Scholar
- 3.M. Jakobsson and M. Yung Revocable and versatile e-money. In 3rd ACM Conference on Computer Communications Security. ACM Press, 1996.Google Scholar
- 4.D. Chaum and T. Pedersen Wallet databases with observers. In Ernest F. Brickell, editor, Advances in Cryptology-CRYPTO’ 92, pages 89–105. Springer-Verlag, 1992. LNCS No. 740.Google Scholar
- 5.M. Jakobsson and A. Juels X-cash: Executable digital cash. In Rafael Hirschfeld, editor, Financial Cryptography’ 98. Springer-Verlag, 1998. To appear.Google Scholar
- 6.M. Jakobsson and M. Yung Distributed Magic-Ink signatures. In Walter Fumy, editor, Advances in Cryptology-EUROCRYPT’ 97, pages 450–464. Springer-Verlag, 1997. LNCS No. 1233.Google Scholar
- 7.M. Luby Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.Google Scholar
- 8.D. Chaum, A. Fiat, and M. Naor Untraceable electronic cash. In Shafi Goldwasser, editor, Advances in Cryptology-CRYPTO’ 88, pages 319–327. Springer-Verlag, 1988. LNCS No. 403.Google Scholar
- 10.M. Stadler, J.M. Piveteau, and J. Camenisch Fair blind signatures. In Louis C. Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology-EUROCRYPT’ 95, pages 209–219. Springer-Verlag, 1995. LNCS No. 921.Google Scholar
- 15.B. Schoenmakers Basic security of the ecashTM payment system. In Bart Preenel et al., editors, Computer Security and Industrial Cryptography: State of the Art and Evolution, ESAT Course, pages 338–352, 1998. LNCS No. 1528. Corrected version available on-line at http://www.win.tue.nl/berry/papers/cosic.ps.gz.Google Scholar
- 17.J. Camenisch, J.-M. Piveteau, and M. Stadler An efficient fair payment system. In 3rd ACM Conference on Computer Communications Security, pages 88–94. ACM Press, 1996.Google Scholar
- 18.A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
- 19.G. Davida, Y. Frankel, Y. Tsiounis, and M. Yung Anonymity control in e-cash systems. In Rafael Hirschfeld, editor, Financial Cryptography’ 97, pages 1–16. Springer-Verlag, 1997. LNCS No. 1318.Google Scholar
- 21.E.F. Brickell, P. Gemmell, and D. Kravitz Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 457–466, 1995.Google Scholar
- 22.L. Law, S. Sabett, and J. Solinas How to make a mint: the cryptography of anonymous digital cash. Technical Report 96-10-17, National Security Agency, 1996. Available at http://www.ffhsj.com/bancmail/bancpage.html.
- 23.J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. In Computer Security-ESORICS’ 96, pages 31–43. Springer-Verlag, 1996. LNCS No.1146.Google Scholar
- 24.J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security, 5(1):254–265, 1997.Google Scholar
- 26.M. Jakobsson and M. Yung Applying anti-trust policies to increase trust in a versatile e-money system. In Rafael Hirschfeld, editor, Financial Cryptography’ 97, pages 217–238. Springer-Verlag, 1997. LNCS No. 1318.Google Scholar
- 27.D. M’Raïhi and D. Pointcheval Distributed trustees and revokability: A framework for internet payment. In Rafael Hirschfeld, editor, Financial Cryptography’ 98. Springer-Verlag, 1998. To appear.Google Scholar
- 28.M. Bellare, R. Guerin, and P. Rogaway XOR MACs: New methods for message authentication using finite pseudo-random functions. In Don Coppersmith, editor, Advances in Cryptology-CRYPTO’ 95, pages 15–28. Springer-Verlag, 1995. LNCS No. 963.Google Scholar