Abstract
Electronic cash is one of the most important applications of public-key cryptosystems. This paper gives lower bounds for data size and computational complexity of divisible electronic cash based on the Chaum-Fiat-Naor (CFN) paradigm, with respect to the precision of divisibility, N, which is (the total coin value)/(minimum divisible denomination). Achieving computational lower bounds in the most general model of computations are extremely hard task. We therefore concentrate on a concrete model of computation where the computational unit (like a trapdoor one way function application) is atomic, and where some structure of the coin and its splits is assumed. All previous upper bounds in this area are within this general model. We show that the lower bound for computational complexity of generating a (divided) coin is log2 N · Comp(term), and the lower bound for coin size is log2 N · ¦term¦ + log2 N, where Comp(term) is a computational complexity unit such as that of one modular exponentiation, and ¦term¦ is a unit size of a coin such as the size of a modulus. (Such a unit is called a term). These bounds are optimal, since they are of the same order as the upper` bounds in the previously proposed divisible cash systems.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
Brands, S., “Untraceable Off-line Cash in Wallet with Observers”, Proceedings of Crypto 93, LNCS 773, Springer-Verlag, pp.302–318 (1994).
Chaum, D., Fiat, A., and Naor, M., “Untraceable Electronic Cash,” Proceedings of Crypto 88, LNCS 403, Springer-Verlag, pp.319–327 (1990).
D'amingo, S. and Di Crescenzo, G., “Methodology for Digital Money based on General Cryptographic Tools”, Proceedings of Eurocrypt 94, LNCS 950, Springer-Verlag, pp.156–170 (1995).
De Santis, A. and Persiano, G., “Communication Efficient Zero-Knowledge Proofs of Knowledge (with Applications to Electronic Cash)” Proceedings of STACS 92, pp.449–460 (1992).
Even, S., Goldreich, O. and Yacobi, Y., “Electronic Wallet”, Proceedings of Crypto 83, Plenum Press, pp.383–386 (1984).
Eng, T. and Okamoto, T. “Single-Term Divisible Coins,” Proceedings of Eurocrypt 94, LNCS 950, Springer-Verlag, pp.306–319 (1995).
Ferguson, N., “Single Term Off-line Coins”, Proceedings of Eurocrypt 93, LNCS 765, Springer-Verlag, pp.318–328 (1994).
Franklin, M. and Yung, M., “Secure and Efficient Off-Line Digital Money”, Proceedings of ICALP 93, pp. 449–460 (1993).
Hayes, B., “Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash,” Proceedings of Auscrypt 90, LNCS 453, Springer-Verlag, pp.294–305 (1990).
Okamoto, T., and Ohta, K., “Universal Electronic Cash”, Proceedings of Crypto 91, LNCS 576, Springer-Verlag, pp.324–337 (1992).
Okamoto, T., “An Efficient Divisible Electronic Cash Scheme”, Proceedings of Crypto 95, LNCS 963, Springer-Verlag, pp.438–451 (1995).
Pailles, J.C., “New Protocols for Electronic Money”, Proceedings of Auscrypt 92, LNCS 718, Springer-Verlag, pp.263–274 (1993).
Vaudenay, S., “One-Time Identification with Low Memory,” Proceedings of Eurocodes 92 (1992).
Yacobi, Y., “Efficient electronic money”, Proceedings of Asiacrypt 94, LNCS 917, Springer-Verlag, pp. 153–163 (1994).
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1998 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Okamoto, T., Yung, M. (1998). Lower bounds on term-based divisible cash systems. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 1998. Lecture Notes in Computer Science, vol 1431. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0054016
Download citation
DOI: https://doi.org/10.1007/BFb0054016
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-64693-8
Online ISBN: 978-3-540-69105-1
eBook Packages: Springer Book Archive