Risk Management for E-Cash Systems with Partial Real-Time Audit

  • Yacov Yacobi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


We analyze “coin-wallet” and “balance-wallet” under partial real-time audit, and compute upper bounds on theft due to the fact that not all the transactions are audited in real time, assuming that every- thing else is perfect. In particular, we assume that the audit regime holds for innocent players. Let v be the maximum allowed balance in a wallet, 0 ≤ μ ≤ 1 be the fraction of transactions that are audited in real time in an audit round that includes overall n transactions. Assume one unit transactions. We show that for μ << 1 the upper bound on expected theft for coin-wallet is \( \frac{\upsilon } {{e^{\mu ^2 \upsilon } - 1}} \) (which if v << μ−2 becomes \( (e^{\mu ^2 } - 1)^{ - 1} \)), while for plausible parameter choice the bound for a balance-wallet is O(exp(v 2/n)). This last bound can become huge in some cases, implying that partial audit, while suitable for coin-wallets with low denomination coins, may be too risky for balance-wallet. Some implications to the design of anonymous and non-anonymous systems are discussed.


Cryptography e-cash randomized-audit risk-management economy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Alon, J.H. Spencer, and P. Erdos The Probabilistic Method, Wiley Interscience, ISBN 0-471-53588-5Google Scholar
  2. 2.
    D. Chaum Achieving Electronic Privacy Scientific American, August 1992, pp. 96–101.Google Scholar
  3. 3.
    Chaum Fiat and Naor Untraceable Electronic Cash, Proc. Crypto 1988.Google Scholar
  4. 4.
    S. Even, O. Goldreich, Y. Yacobi: Electronic Wallet, Crypto’83 (See also the Zurich’94 Seminar).Google Scholar
  5. 5.
    M Franklin and M. Yung Secure and efficient off-line digital money, Proc. 20th ICALP 1993Google Scholar
  6. 6.
    E. Gabber and A. Silberschatz: Agora: A Minimal Distributed Protocol for Electronic Commerce, USENIX Workshop on E-Commerce, Oakland CA, Nov. 1996.Google Scholar
  7. 7.
    S. Jarecki and A.M. Odlyzko:An efficient micropayment system based on probabilistic polling, Proc. Financial Cryptography-97.Google Scholar
  8. 8.
    R.C. Merkle: Protocols for Public Key Cryptosystems, Proc. of 1980 Symp. on Security and Privacy, IEEE Computer Society, pp. 122–133 (April 1980).Google Scholar
  9. 9.
    T. Okamoto:`An Efficient Divisible Electronic Cash Scheme, Proc. Crypto’95, Springer Verlag LNCS 963, pp. 438–451.Google Scholar
  10. 10.
    T. Okamoto and K. Ohta: Disposable Zero-Knowledge Authentications and Their Applications to Untraceable Electronic Cash, Proc. Crypto’89, Springer-Verlag LNCS 435, pp. 481–496Google Scholar
  11. 11.
    T. Okamoto and K. Ohta: Universal Electronic Cash, Proc. Crypto’90, Springer-Verlag LNCS 576, pp. 324–337Google Scholar
  12. 12.
    R.L. Rivest: Electronic Lottery Tickets as Micropayments Financial Cryptography 97, Springer Verlag LNCS 1318, pp. 306–314, Rafael Hirschfeld (Ed.)Google Scholar
  13. 13.
    D.R. Simon: Anonymous Communication and Anonymous Cash, Proc. Crypto’96, Springer Verlag LNCS 1109, pp 61–73.Google Scholar
  14. 14.
    D. Wheeler: Transactions Using Bets, Proc. ARE, 1997, LNCS 1189, pp. 89–92Google Scholar
  15. 15.
    Y. Yacobi: Efficient E-money, in Proc. Asiacrypt’94, Springer Verlag LNCS 917, pp. 153–163.Google Scholar
  16. 16.
    Y. Yacobi: On the Continuum Between On-line and Off-line E-cash Systems-I, Proc. Financial Cryptography-97.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Yacov Yacobi
    • 1
  1. 1.Microsoft ResearchOne Microsoft WayRedmond

Personalised recommendations