Advertisement

Trustee Tokens: Simple and Practical Anonymous Digital Coin Tracing

  • Ari Juels
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)

Abstract

We introduce a trustee-based tracing mechanism for anony- mous digital cash that is simple, efficient, and provably secure relative to its underlying cryptographic primitives. In contrast to previous schemes, ours may be built on top of a real-world anonymous cash system, such as the DigiCashTM system, with minimal modification to the underlying protocols. In addition, our scheme involves no change to the structure of the coins. On the other hand, our scheme requires user interaction with a trustee, while many other such systems do not. This interaction occurs infrequently, however, and is efficient both in terms of computation and storage requirements. Our scheme also achieves more limited security guarantees in the presence of malicious trustees than many other sys- tems do. While this is a disadvantage, it represents a tradeoff enabling us to achieve the high level of practicality of our system.

Keywords

anonymity blind digital signatures coin tracing digital cash e-cash trustee-based coin tracing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Digicash, Inc. Web site. http://www.DigiCash.com, 1998.
  2. 2.
    D. Chaum Blind signatures for untraceable payments. In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors, Advances in Cryptology-CRYPTO’ 82, pages 199–203.Plemum,1982.Google Scholar
  3. 3.
    M. Jakobsson and M. Yung Revocable and versatile e-money. In 3rd ACM Conference on Computer Communications Security. ACM Press, 1996.Google Scholar
  4. 4.
    D. Chaum and T. Pedersen Wallet databases with observers. In Ernest F. Brickell, editor, Advances in Cryptology-CRYPTO’ 92, pages 89–105. Springer-Verlag, 1992. LNCS No. 740.Google Scholar
  5. 5.
    M. Jakobsson and A. Juels X-cash: Executable digital cash. In Rafael Hirschfeld, editor, Financial Cryptography’ 98. Springer-Verlag, 1998. To appear.Google Scholar
  6. 6.
    M. Jakobsson and M. Yung Distributed Magic-Ink signatures. In Walter Fumy, editor, Advances in Cryptology-EUROCRYPT’ 97, pages 450–464. Springer-Verlag, 1997. LNCS No. 1233.Google Scholar
  7. 7.
    M. Luby Pseudorandomness and Cryptographic Applications. Princeton University Press, 1996.Google Scholar
  8. 8.
    D. Chaum, A. Fiat, and M. Naor Untraceable electronic cash. In Shafi Goldwasser, editor, Advances in Cryptology-CRYPTO’ 88, pages 319–327. Springer-Verlag, 1988. LNCS No. 403.Google Scholar
  9. 9.
    T. Rabin A simplified approach to threshold and proactive RSA. In Hugo Krawczyk, editor, Advances in Cryptology-CRYPTO’ 98, pages 89–104. Springer-Verlag, 1998. LNCS No. 1462.CrossRefGoogle Scholar
  10. 10.
    M. Stadler, J.M. Piveteau, and J. Camenisch Fair blind signatures. In Louis C. Guillou and Jean-Jacques Quisquater, editors, Advances in Cryptology-EUROCRYPT’ 95, pages 209–219. Springer-Verlag, 1995. LNCS No. 921.Google Scholar
  11. 11.
    D. Boneh and M. Franklin Efficient generation of shared RSA keys. In Burton S. Kaliski, Jr., editor, Advances in Cryptology-CRYPTO’ 97, pages 425–439. Springer-Verlag, 1997. LNCS No. 1294.CrossRefGoogle Scholar
  12. 12.
    D. M’Raïhi Cost-effective payment schemes with privacy regulation. In M.Y. Rhee and K. Kim, editors, Advances in Cryptology-Proceedings of ASIACRYPT’ 96, pages 266–275. Springer-Verlag, 1996. LNCS No. 1163.CrossRefGoogle Scholar
  13. 13.
    B. von Solms and D. Naccache On blind signatures and perfect crimes. Computers and Security, 11(6):581–583, 1992.CrossRefGoogle Scholar
  14. 14.
    D. Pointcheval and J. Stern Provably secure blind signature schemes. In M.Y. Rhee and K. Kim, editors, Advances in Cryptology-Proceedings of ASIACRYPT’ 96, pages 252–265. Springer-Verlag, 1996. LNCS No. 1163.CrossRefGoogle Scholar
  15. 15.
    B. Schoenmakers Basic security of the ecashTM payment system. In Bart Preenel et al., editors, Computer Security and Industrial Cryptography: State of the Art and Evolution, ESAT Course, pages 338–352, 1998. LNCS No. 1528. Corrected version available on-line at http://www.win.tue.nl/berry/papers/cosic.ps.gz.Google Scholar
  16. 16.
    A. Juels, M. Luby, and R. Ostrovsky Security of blind digital signatures. In Burton S. Kaliski, Jr., editor, Advances in Cryptology-CRYPTO’ 97, pages 150–164. Springer-Verlag, 1997. LNCS No. 1294.CrossRefGoogle Scholar
  17. 17.
    J. Camenisch, J.-M. Piveteau, and M. Stadler An efficient fair payment system. In 3rd ACM Conference on Computer Communications Security, pages 88–94. ACM Press, 1996.Google Scholar
  18. 18.
    A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
  19. 19.
    G. Davida, Y. Frankel, Y. Tsiounis, and M. Yung Anonymity control in e-cash systems. In Rafael Hirschfeld, editor, Financial Cryptography’ 97, pages 1–16. Springer-Verlag, 1997. LNCS No. 1318.Google Scholar
  20. 20.
    M. Bellare, R. Canetti, and H. Krawczyk Keying hash functions for message authentication. In Neal Koblitz, editor, Advances in Cryptology-CRYPTO’ 96, pages 1–16. Springer-Verlag, 1996. LNCS No. 1109.CrossRefGoogle Scholar
  21. 21.
    E.F. Brickell, P. Gemmell, and D. Kravitz Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms, pages 457–466, 1995.Google Scholar
  22. 22.
    L. Law, S. Sabett, and J. Solinas How to make a mint: the cryptography of anonymous digital cash. Technical Report 96-10-17, National Security Agency, 1996. Available at http://www.ffhsj.com/bancmail/bancpage.html.
  23. 23.
    J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. In Computer Security-ESORICS’ 96, pages 31–43. Springer-Verlag, 1996. LNCS No.1146.Google Scholar
  24. 24.
    J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. Journal of Computer Security, 5(1):254–265, 1997.Google Scholar
  25. 25.
    Y. Frankel, Y. Tsiounis, and M. Yung Indirect discourse proofs: Achieving fair off-line e-cash. In M.Y. Rhee and K. Kim, editors, Advances in Cryptology-Proceedings of ASIACRYPT’ 96, pages 286–300. Springer-Verlag, 1996. LNCS No.1163.CrossRefGoogle Scholar
  26. 26.
    M. Jakobsson and M. Yung Applying anti-trust policies to increase trust in a versatile e-money system. In Rafael Hirschfeld, editor, Financial Cryptography’ 97, pages 217–238. Springer-Verlag, 1997. LNCS No. 1318.Google Scholar
  27. 27.
    D. M’Raïhi and D. Pointcheval Distributed trustees and revokability: A framework for internet payment. In Rafael Hirschfeld, editor, Financial Cryptography’ 98. Springer-Verlag, 1998. To appear.Google Scholar
  28. 28.
    M. Bellare, R. Guerin, and P. Rogaway XOR MACs: New methods for message authentication using finite pseudo-random functions. In Don Coppersmith, editor, Advances in Cryptology-CRYPTO’ 95, pages 15–28. Springer-Verlag, 1995. LNCS No. 963.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Ari Juels
    • 1
  1. 1.RSA LaboratoriesBedfordUSA

Personalised recommendations