Abstract
An off-line electronic coin system is presented that offers multi-party security and unconditional privacy of payments. The system improves significantly on the efficiency of the previously most efficient such system known in the literature, owing to the application of a recently proposed technique called secret-key certificates.
By definition of secret-key certificates, pairs consisting of a public key and a matching certificate can be simulated, without the certifying party's secret key, with a probability distribution indistinguishable from that of genuinely issued pairs. This allows a variety of polynomial-time reductions from a well-known signature scheme to the cash system. In particular, the withdrawal protocol can be proved to be restrictive blind with respect to a single account holder, relying only on a standard intractability assumption; no such result has been proved before in the literature.
A further consequence of applying the secret-key certificate technique is that the withdrawal protocol is not a blind signature issuing protocol. This refutes the popular belief that efficient privacy-protecting off-line electronic cash systems must be built on withdrawal protocols that issue blind signatures.
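As an added illustration of the simulatability property described in the abstract (example code written for this page, not code from the paper): a Schnorr-type secret-key certificate in a toy prime-order group, with a plain issuing run, a verifier, and the simulator that produces valid-looking pairs without the certifier's key. The verification relation c = H(h, g^r (h0 h)^{-c}) and the two-message issuing run are the Schnorr-based variant of Brands' secret-key certificate construction as I know it, and the group parameters are constructed toys; treat both as assumptions of the example rather than as the paper's own protocol.

```python
"""Schnorr-type secret-key certificates in a toy group (added illustration).

Issue a certificate on a user's public key h = g^x, verify it, then run the
simulator that produces verifying (h, certificate) pairs without the CA's
secret key.  The abstract's point is visible in the last step: the simulated
pair is perfectly valid, but its owner cannot know the secret key behind h.
"""
import hashlib
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g = 2^2 is a
# quadratic residue, so it generates the order-q subgroup.  A real system
# would use a ~2048-bit safe prime or an elliptic-curve group instead.
P = 1019
Q = 509
G = 4
assert pow(G, Q, P) == 1 and G != 1


def challenge(h: int, a: int) -> int:
    """c = H(h, a) as an integer; reduced mod q only where used as an exponent,
    so a tampered certificate collides with probability ~2^-256, not 1/q."""
    data = f"{h}|{a}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rand_zq() -> int:
    """Uniform non-zero exponent in Z_q."""
    return secrets.randbelow(Q - 1) + 1


def ca_keygen() -> tuple[int, int]:
    """CA (bank) secret key x0 and public key h0 = g^x0."""
    x0 = rand_zq()
    return x0, pow(G, x0, P)


def user_keygen() -> tuple[int, int]:
    """User secret key x and public key h = g^x."""
    x = rand_zq()
    return x, pow(G, x, P)


def verify(h0: int, h: int, cert: tuple[int, int]) -> bool:
    """(c, r) certifies h iff c == H(h, g^r * (h0*h)^(-c)).

    This is a Schnorr signature on h under the combined key h0*h, i.e. under
    secret key x0 + x; that combination is what makes pairs simulatable
    (assumed relation, see lead-in)."""
    c, r = cert
    base = (h0 * h) % P
    a = (pow(G, r, P) * pow(base, (-c) % Q, P)) % P
    return c == challenge(h, a)


def ca_issue(x0: int, h: int) -> tuple[int, int]:
    """CA side of a plain (non-blind) issuing run: partial certificate (c, r0).

    The CA contributes w + c*x0 and never learns x."""
    w = rand_zq()
    a = pow(G, w, P)
    c = challenge(h, a)
    return c, (w + c * x0) % Q


def user_complete(x: int, c: int, r0: int) -> tuple[int, int]:
    """User side: fold in x so that r = w + c*(x0 + x)."""
    return c, (r0 + c * x) % Q


def simulate(h0: int) -> tuple[int, tuple[int, int], int]:
    """Forge a verifying (h, (c, r)) without x0.

    Trick: choose h so that h0*h = g^w for a known w; the Schnorr relation
    then closes with r = u + c*w.  The price is that log_g h = w - x0, which
    the forger cannot compute.  w is returned only so that a caller holding
    x0 can check that claim."""
    w = rand_zq()
    h = (pow(G, w, P) * pow(h0, -1, P)) % P     # h0 * h == g^w
    u = rand_zq()
    a = pow(G, u, P)
    c = challenge(h, a)
    r = (u + c * w) % Q                          # g^r (h0 h)^-c == g^u == a
    return h, (c, r), w


def simulated_secret_key(w: int, x0: int) -> int:
    """Discrete log of a simulated h; needs x0, so only the CA can compute it."""
    return (w - x0) % Q


if __name__ == "__main__":
    x0, h0 = ca_keygen()
    x, h = user_keygen()
    cert = user_complete(x, *ca_issue(x0, h))
    print("issued certificate verifies:   ", verify(h0, h, cert))
    h_sim, cert_sim, w = simulate(h0)
    print("simulated certificate verifies:", verify(h0, h_sim, cert_sim))
    x_sim = simulated_secret_key(w, x0)
    print("simulated h has a secret key, recoverable only with x0:",
          pow(G, x_sim, P) == h_sim)
```

Both pairs verify. The difference lies in what the holder knows: the owner of the issued pair knows x, while the simulator knows only w and would need x0 to obtain log_g h. A certificate check therefore proves nothing on its own, and any protocol that consumes such pairs, a payment for instance, must additionally demand a proof of knowledge of x; that gap is what the reductions mentioned in the abstract exploit. The issuing run shown here is the plain, non-blind one; the paper's restrictive-blind withdrawal protocol is not reproduced.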
© 1995 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Brands, S. (1995). Off-line electronic cash based on secret-key certificates. In: Baeza-Yates, R., Goles, E., Poblete, P.V. (eds) LATIN '95: Theoretical Informatics. LATIN 1995. Lecture Notes in Computer Science, vol 911. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-59175-3_86
DOI: https://doi.org/10.1007/3-540-59175-3_86
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-59175-7
Online ISBN: 978-3-540-49220-7