The ESPRIT project CAFE — High security digital payment systems

  • Jean-Paul Boly
  • Antoon Bosselaers
  • Ronald Cramer
  • Rolf Michelsen
  • Stig Mjølsnes
  • Frank Muller
  • Torben Pedersen
  • Birgit Pfitzmann
  • Peter de Rooij
  • Berry Schoenmakers
  • Matthias Schunter
  • Luc Vallée
  • Michael Waidner
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 875)


CAFE (“Conditional Access for Europe”) is an ongoing project in the European Community's ESPRIT program. The goal of CAFE is to develop innovative systems for conditional access, and in particular, digital payment systems. An important aspect of CAFE is high security for all parties concerned, with each party forced to trust the other parties as little as possible (so-called multi-party security). This should give legal certainty to everybody at all times. Moreover, both the electronic money issuer and the individual users are less dependent on the tamper-resistance of devices than in usual digital payment systems. Since CAFE aims at the market of small everyday payments that is currently dominated by cash, payments are offline, and privacy is an important issue.

The basic devices used in CAFE are so-called electronic wallets, which look quite similar to pocket calculators or PDAs (Personal Digital Assistants). A particular advantage of the electronic wallets is that PINs can be entered directly, so that fake-terminal attacks are prevented. Other features are:
  • Loss tolerance: If a user loses an electronic wallet, or the wallet breaks or is stolen, the user can be given the money back, although it is a prepaid payment system.

  • Different currencies.

  • Open architecture and system.

The aim is to demonstrate a set of the systems developed in one or more field trials at the end of the project. Note that these will be real hardware systems, suitable for mass production.

This paper concentrates on the basic techniques used in the CAFE protocols.


Security in Applications (Financial); Security Versus other Requirements (Performance, Fault Tolerance)



Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Jean-Paul Boly (1)
  • Antoon Bosselaers (2)
  • Ronald Cramer (3)
  • Rolf Michelsen (4)
  • Stig Mjølsnes (4)
  • Frank Muller (1)
  • Torben Pedersen (5)
  • Birgit Pfitzmann (6)
  • Peter de Rooij (1)
  • Berry Schoenmakers (3)
  • Matthias Schunter (6)
  • Luc Vallée (7)
  • Michael Waidner (6, 8)

  1. PTT Research, AK Leidschendam, The Netherlands
  2. Katholieke Universiteit Leuven, Dept. Elektrotechniek E.S.A.T., Heverlee, Belgium
  3. CWI, SJ Amsterdam, The Netherlands
  4. SINTEF-DELAB, Trondheim, Norway
  5. Aarhus Universitet, Matematisk Institut, Ny Munkegade, Aarhus C, Denmark
  6. Universität Hildesheim, Institut für Informatik, Hildesheim, Germany
  7. SEPT, Caen Cedex, France
  8. Universität Karlsruhe, Institut für Rechnerentwurf und Fehlertoleranz, Karlsruhe, Germany
