Applying anti-trust policies to increase trust in a versatile e-money system

  • Markus Jakobsson
  • Moti Yung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1318)


Due to business relationships, alliances, trust, and distribution of liability, distribution of power is an important issue in financial systems. At the same time as the security of the scheme is strengthened by this decentralization, the perception of the security is also strengthened, which is important from a business point of view. Furthermore, apart from increasing the security, client trust and availability of the system, distribution of power can also increase its functionality, as we demonstrate.

We suggest an anti-trust mechanism, namely, a method for distribution of the centralized parties into many modules (potentially controlled by different entities), and apply it to a versatile electronic-money system. The method diffuses a task into distributed modules using recent cryptographic technology; doing so, it achieves increased security, privacy, availability and functionality without introducing any noticeable disadvantage. It uses Magic Ink Signatures [29], which are blind signatures that are distributedly generated using a threshold of signers, and where signatures can always be unblinded using (perhaps another) threshold of signers as well. Furthermore, we combine this with recent proactive technology, which enables a stronger adversarial setting. We also suggest techniques for reorganization of data stored and used by various functions, employing secure repository.

The result is an electronic money system that allows user anonymity and its revocation (a notion recently advocated by some works so as to prevent potential criminal actions.) The control over revoking anonymity is given to distributed modules that control a hidden alarm channel. As part of the task diffusion we find ways to simplify and reduce the overall complexity of the system. The revocation ability and distribution of the trust are efficient and allow a large degree of versatility in the functionality of the system (change mechanisms, numerous financial instruments: cash, charge, check, micro-payments, etc.).


Signature Scheme Blind Signature Certification Authority User Anonymity Blind Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    G. Agnew, R.C. Mullin, S. Vanstone, “Improved digital signature scheme based on discrete exponentiation,” Electronics Letters, v. 26 1990, 1024–1025.Google Scholar
  2. [2]
    M. Bellare, S. Micali, “How To Sign Given Any Trap-Door Permutation,” Journal of the ACM, Vol. 39, No. 1, Jan 1992, pp. 214–233CrossRefGoogle Scholar
  3. [3]
    S. Brands, “Untraceable Off-line Cash in Wallets with Observers,” Proceedings of Crypto '93, pp. 302–318Google Scholar
  4. [4]
    E. Brickell, P. Gemmell, D. Kravitz, “Trustee-based Tracing Extensions to Anonymous Cash and the Making of Anonymous Change,” Proc. 6th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), 1995, pp. 457–466Google Scholar
  5. [5]
    J. Camenisch, U. Maurer, M. Stadler, “Digital Payment Systems with Passive Anonymity-Revoking Trustees,” Computer Security-ESORICS 96, volume 1146, pp. 33–43Google Scholar
  6. [6]
    J. Camenisch, J-M. Piveteau, M. Stadler, “An Efficient Fair Payment System,” 3rd ACM Conference on Computer and Communications Security, 1996, pp. 88–94Google Scholar
  7. [7]
    D. Chaum, “Blind Signatures for Untraceable Payments,” Advances in Cryptology-Proceedings of Crypto '82, 1983, pp. 199–203Google Scholar
  8. [8]
    D. Chaum, H. Van Antwerpen, “Undeniable Signatures,” Crypto '89, pp. 212–216Google Scholar
  9. [9]
    D. Chaum, A. Fiat and M. Naor, “Untraceable Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '88, pp. 319–327Google Scholar
  10. [10]
    CitiBank and S. S. Rosen, “Electronic-Monetary System,” International Publication Number WO 93/10503; May 27 1993Google Scholar
  11. [11]
    A. De Santis, Y. Desmedt, Y. Frankel, and M. Yung, “How to Share a Function Securely,” STOC 94, pp. 522–533Google Scholar
  12. [12]
    Y. Desmedt and Y. Frankel, “Threshold cryptosystems,” Crypto '89, pp. 307–315.Google Scholar
  13. [13]
    W. Diffie and M. E. Heilman, “New Directions in Cryptography,” IEEE Trans. Info. Theory IT-22, Nov. 1976, pp. 644–654Google Scholar
  14. [14]
    T. ElGamal “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” Crypto '84, pp. 10–18Google Scholar
  15. [15]
    S. Goldwasser and S. Micali, “Probabilistic Encryption & How To Play Mental Poker Keeping Secret All Partial Information,” Proceedings of the 18th ACM Symposium on the Theory of Computing, 1982, pp. 270–299Google Scholar
  16. [16]
    S. Goldwasser, S. Micali and R. Rivest, “A ‘Paradoxical’ Solution to the Signature Problem,” 25th Annual Symposium on Foundations of Computer Science, 1984, pp. 441–448Google Scholar
  17. [17]
    S. Goldwasser, S. Micali and R. Rivest, “A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,” SIAM Journal of Computing 17(2), April 1988, pp. 281–308CrossRefGoogle Scholar
  18. [18]
    IBM Research, “iKP-A Family of Secure Electronic Payment Protocols”, The First USENIX Workshop on Electronic Commerce, New York, July 1995Google Scholar
  19. [19]
    A. Herzberg, M. Jakobsson, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Public Key and Signature Systems,” ACM Comp. and Comm. Security '97, pp. 100–113Google Scholar
  20. [20]
    A. Herzberg, S. Jarecki, H. Krawczyk, M. Yung, “Proactive Secret Sharing, or How to Cope with Perpetual Leakage,” Crypto '95, pp. 339–352Google Scholar
  21. [21]
    Y. Frankel, Y. Tsiounis, M. Yung, “Indirect Discourse Proofs: Achieving Efficient Fair Off-Line E-Cash“ Asiacrypt '96, pp. 286–300Google Scholar
  22. [22]
    M. Franklin and M. Yung, “Towards Provably Secure Efficient Electronic Cash,” Columbia Univ. Dept of C.S. TR CUCS-018-92, April 24, 1992Google Scholar
  23. [23]
    M. Franklin and M. Yung, “Blind Weak Signatures and its Applications: Putting Non-Cryptographic Secure Computation to Work,” Eurocrypt '94Google Scholar
  24. [24]
    N. Ferguson, “Extensions of Single-term Coins,” Crypto '93, pp. 292–301Google Scholar
  25. [25]
    R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin, “Robust Threshold DSS Signatures“, Eurocrypt '96.Google Scholar
  26. [26]
    M. Jakobsson, “Ripping Coins for a Fair Exchange,” Eurocrypt '95, pp. 220–230Google Scholar
  27. [27]
    M. Jakobsson, “Privacy vs. Authenticity,” PhD Thesis, University of California, San Diego, Department of Computer Science and Engineering. See: Scholar
  28. [28]
    M. Jakobsson and M. Yung, “Revocable and Versatile Electronic Money,” 3rd ACM Conference on Computer and Communications Security, 1996, pp. 76–87Google Scholar
  29. [29]
    M. Jakobsson and M. Yung, “Distributed ‘Magic Ink’ Signatures,” Advances in Cryptology-Proceedings of Eurocrypt '97, 1997.Google Scholar
  30. [30]
    S. H. Low, N. F. Maxemchuk and S. Paul, “Anonymous Credit Cards,” The Second ACM Conference on Computer and Communications Security, Nov. 1994, pp. 108–117Google Scholar
  31. [31]
    G. Medvinsky and B. C. Neuman, “Netcash: A design for practical electronic currency on the Internet,” The First ACM Conference on Computer and Communications Security, Nov. 1993, pp. 102–106.Google Scholar
  32. [32]
    G. Medvinsky and B. C. Neuman, “Requirements for Network Payment: The NetChequeTM Perspective,” Compcon '95, pp. 32–36Google Scholar
  33. [33]
    National Institute for Standards and Technology, “Digital Signature Standard (DSS),” Federal Register Vol 56(169), Aug 30, 1991Google Scholar
  34. [34]
    NBS FIPS PUB 46, “Data Encryption Standard,” National Bureau of Standards, U.S. Department of Commerce, Jan 1977Google Scholar
  35. [35]
    T. Okamoto and K. Ohta, “Disposable Zero-Knowledge Authentication and Their Applications to Untraceable Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '89, 1990, pp. 481–496Google Scholar
  36. [36]
    T. Okamoto and K. Ohta, “Universal Electronic Cash,” Advances in Cryptology-Proceedings of Crypto '91, 1992, pp. 324–337Google Scholar
  37. [37]
    T. Okamoto, “An Efficient Divisible Electronic Cash Scheme,” Crypto '95, pp. 438–451Google Scholar
  38. [38]
    R. Ostrovsky and M. Yung, “How to withstand mobile virus attacks,” Proc. of the 10th ACM Symposium on the Principles in Distributed Computing, 1991, pp. 51–61.Google Scholar
  39. [39]
    B. Pfitzmann and M. Waidner, “How to break and repair a “provably secure“ payment system,” Crypto '91.Google Scholar
  40. [40]
    D. Pointcheval, J. Stern, “Security Proofs for Signature Schemes,” Eurocrypt '96, pp. 387–398Google Scholar
  41. [41]
    R. Rivest, “The MD5 Message Digest Algorithm,” RFC 1321, Apr. 1992Google Scholar
  42. [42]
    R. Rivest, A. Shamir, “PayWord and Micro-Mint-Two Simple Micropayment Schemes“, Manuscript.Google Scholar
  43. [43]
    R. Rivest, A. Shamir, L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, v. 21, n. 2, Feb 1978, pp. 120–126CrossRefGoogle Scholar
  44. [44]
    C. P. Schnorr, “Efficient Signature Generation for Smart Cards,” Crypto '89, pp. 239–252Google Scholar
  45. [45]
    M. Sirbu and J. D. Tygar, “NetBill: An Internet Commerce System Optimized for Network Delivered Services,” Compcon '95, pp. 20–25Google Scholar
  46. [46]
    S. von Solms and D. Naccache, “On Blind Signatures and Perfect Crimes,” Computers and Security, 11 (1992) pp. 581–583CrossRefGoogle Scholar
  47. [47]
    M. Stadler, J-M. Piveteau, J. Camenisch, “Fair Blind Signatures,” Advances in Cryptology-Proceedings of Eurocrypt '95, 1995Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Markus Jakobsson
    • 1
  • Moti Yung
    • 2
  1. 1.Department of Computer Science and EngineeringUniversity of CaliforniaSan Diego, La Jolla
  2. 2.CertCoUSA

Personalised recommendations