Flow Control: A New Approach for Anonymity Control in Electronic Cash Systems

  • Tomas Sander
  • Amnon Ta-Shma
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


Anonymity features of electronic payment systems are im- portant for protecting privacy in an electronic world. However, complete anonymity prevents monitoring financial transactions and following the money trail, which are important tools for fighting serious crimes. To solve these type of problems several “escrowed cash” systems, that allow a “Trustee” to trace electronic money, were suggested. In this paper we suggest a completely different approach to anonymity control based on the fact that law enforcement is mainly concerned with large anonymous electronic payments. We describe a payment system that effectively lim- its the amount of money a user can spend anonymously in a given time frame. To achieve this we describe a technique to make electronic money strongly non-transferable. Our payment system protects the privacy of the honest user who plays by the rules, while introducing significant hurdles for several criminal abuses of the system.


Smart Card Signature Scheme Payment System Money Laundering Blind Signature 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. Brands An efficient off-line electronic cash system based on the representation problem. In 246. Centrum voor Wiskunde en Informatica (CWI), ISSN 0169-118X, December 31 1993. AA (Department of Algorithmics and Architecture), CS-R9323, URL=
  2. 2.
    S. Brands Untraceable off-line cash in wallet with observers. In Douglas R. Stinson, editor, Crypto 93, volume 773 of LNCS, pages 302–318. SV, 1993.Google Scholar
  3. 3.
    Ernie Brickell, Peter Gemmell, and David Kravitz Trustee-based tracing extensions to anonymous cash and the making of anonymous change. In Proceedings of the Sixth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA’95), pages 457–466. Sandia National Labs, January 1995.Google Scholar
  4. 4.
    J. Camenisch, U. Maurer, and M. Stadler Digital payment systems with passive anonymity-revoking trustees. Lecture Notes in Computer Science, 1146:33, 1996.Google Scholar
  5. 5.
    D. Chaum and T. Pedersen Transferred cash grows in size. In R.A. Rueppel, editor, Advances in Cryptology EUROCRYPT 92, volume 658 of Lecture Notes in Computer Science, pages 390–407. Springer-Verlag, 24-28 May 1992.CrossRefGoogle Scholar
  6. 6.
    I. Damgard Payment systems and credential mechanisms with provable security against abuse by individuals. In S. Goldwasser, editor, Crypto 88, LNCS, pages 328–335, Santa Barbara, CA, USA, August 1990. SV.Google Scholar
  7. 7.
    S. D’Amiano and G. Di Crescenzo Methodology for digital money based on general cryptographic tools. In Alfredo De Santis, editor, Advances in Cryptology-EUROCRYPT 94, volume 950 of Lecture Notes in Computer Science, pages 156–170. Springer-Verlag, 1995, 9-12 May 1994.CrossRefGoogle Scholar
  8. 8.
    G. Davida, Y. Frankel, Y. Tsiounis, and Moti Yung Anonymity control in E-cash systems. In Rafael Hirschfeld, editor, Financial Cryptography: First International Conference, FC’ 97, volume 1318 of Lecture Notes in Computer Science, pages 1–16, Anguilla, British West Indies, 24-28 February 1997. Springer-Verlag.Google Scholar
  9. 9.
    C. Dwork, J. Lotspiech, and M. Naor Digitalsignets: Self-enforcing protection of digital information. In Proceedings of The Twenty-Eighth Annual ACM Symposium On The Theory Of Computing (STOC’ 96), pages 489–498, New York, USA, May 1996. ACM Press.Google Scholar
  10. 10.
    O. Goldreich, S. Micali, and A. Wigderson How to play ANY mental game. In Alfred Aho, editor, Proceedings of the 19th Annual ACM Symposium on Theory of Computing, pages 218–229, New York City, NY, May 1987. ACM Press.Google Scholar
  11. 11.
    S. Goldwasser, S. Micali, and R. Rivest A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281–308, 1988. Special issue on cryptography.zbMATHCrossRefMathSciNetGoogle Scholar
  12. 12.
    M. Jakobsson and D. M’Raihi Mix-based electronic payments. In Fifth Annual Workshop on Selected Areas in Cryptography, 1998.Google Scholar
  13. 13.
    M. Jakobsson and M. Yung Revokable and versatile electronic mony. In Clifford Neuman, editor, 3rd ACM Conference on Computer and Communications Security, pages 76–87, New Delhi, India, March 1996. ACM Press.Google Scholar
  14. 14.
    A. Juels, M. Luby, and R. Ostrovsky Security of blind digital signatures. In CRYPTO: Proceedings of Crypto, 1997.Google Scholar
  15. 15.
    R.C. Molander, D.A. Mussington, and P. Wilson. Cyberpayments and money laundering. RAND, 1998.
  16. 16.
    S. Morris Contribution to the panel “a session on electronic money: Threat to law enforcement, privacy, freedom, or all three? ” at the sixth conference on computers, freedom, and privacy (cfp96), cambridge, ma. available as RealAudio document at switz/cfp96/plenary-money.html, 1996.
  17. 17.
    D. M’Raihi Cost-effective payment schemes with privacy regulation. In Kwangjo Kim and Tsutomu Matsumoto, editors, Advances in Cryptology-ASIACRYPT’ 96, volume 1163 of Lecture Notes in Computer Science, pages 266–275, Kyongju, Korea, 3–7 November 1996. Springer-Verlag.CrossRefGoogle Scholar
  18. 18.
    T. Okamoto and K. Ohta.Disposable zero-knowledge authentications and their applications to untraceable electronic cash. In Advances in Cryptology: CRYPTO’ 89, pages 481–497, Berlin, August 1990. Springer.Google Scholar
  19. 19.
    T. Okamoto and K. Ohta Universal electronic cash. In Joan Feigenbaum, editor, Proceedings of Advances in Cryptology (CRYPTO’ 91), volume 576 of LNCS, pages 324–337, Berlin, Germany, August 1992. Springer.Google Scholar
  20. 20.
    B. Pfitzmann and M. Waidner How to break and repair a “provably secure” untraceable payment system. In Joan Feigenbaum, editor, Proceedings of Advances in Cryptology (CRYPTO’ 91), volume 576 of LNCS, pages 338–350, Berlin, Germany, August 1992. Springer.Google Scholar
  21. 21.
    D. Pointcheval and J. Stern Security proofs for signature schemes. In Ueli Maurer, editor, Advances in Cryptology-EUROCRYPT 96, volume 1070 of Lecture Notes in Computer Science, pages 387–398. Springer-Verlag, 12-16 May 1996.Google Scholar
  22. 22.
    T. Sander and A. Ta-Shma Auditable, counterfeiting resistant electronic cash. In preparation.Google Scholar
  23. 23.
    C. Schnorr Efficient signature generation by smart cards. Journal of Cryptology, 4(3):161–174, 1991.zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Paul F. Syverson, Stuart G. Stubblebine, and David M. Goldschlag Unlinkable serial transactions. In Rafael Hirschfeld, editor, Financial Cryptography:First International Conference, FC’ 97, volume 1318 of Lecture Notes in Computer Science, pages 39–55, Anguilla, British West Indies, 24-28 February 1997. Springer-Verlag.Google Scholar
  25. 25.
    S. von Solms and D. Naccache On bline signatures and perfect crimes. Computers and Security, 11(6):581–583, October 1992.CrossRefGoogle Scholar
  26. 26.
    A. Yao How to generate and exchange secrets. In 27th Annual Symposium on Foundations of Computer Science, pages 162–167, Los Angeles, Ca., USA, October 1986. IEEE Computer Society Press.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Tomas Sander
    • 1
  • Amnon Ta-Shma
    • 1
  1. 1.International Computer Science InstituteBerkeleyUSA

Personalised recommendations