The knowledge complexity of interactive proof-systems
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
A digital signature scheme secure against adaptive chosen-message attacks
SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
One-way accumulators: a decentralized alternative to digital signatures
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Divisible Electronic Cash Scheme
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
New Protocols for Electronic Money
ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Unlinkable Divisible Electronic Cash
ISW '00 Proceedings of the Third International Workshop on Information Security
Untraceable RFID tags via insubvertible encryption
Proceedings of the 12th ACM conference on Computer and communications security
Divisible E-Cash Systems Can Be Truly Anonymous
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
ACISP'07 Proceedings of the 12th Australasian conference on Information security and privacy
Accumulators from bilinear pairings and applications
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Compact e-cash from bounded accumulator
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Recent Advances in Electronic Cash Design
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Efficient and secure stored-value cards with leakage resilience
Computers and Electrical Engineering
Multiple denominations in e-cash with compact transaction data
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Efficient schemes for anonymous yet authorized and bounded use of cloud resources
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Practical privacy preserving cloud resource-payment for constrained clients
PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
A new hash-and-sign approach and structure-preserving signatures from DLIN
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Asynchronous computational VSS with reduced communication complexity
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Divisible e-cash in the standard model
Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
We present an efficient off-line divisible e-cash scheme which is truly anonymouswithout a trusted third party. This is the second scheme in the literature which achieves full unlinkability and anonymity, after the seminal work proposed by Canard and Gouget. The main trick of our scheme is the use of a bounded accumulator in combination with the classical binary tree approach.The aims of this paper are twofold. Firstly, we analyze Canard and Gouget's seminal work on the efficient off-line divisible e-cash. We point out some subtleties on the parameters generation of their scheme. Moreover, spending a coin of small value requires computation of several hundreds of multi-based exponentiations, which is very costly. In short, although this seminal work provides a new approach of achieving a truly anonymous divisible e-cash, unfortunately it is rather impractical. Secondly, we present our scheme that uses a novel approach of incorporating a bounded accumulator. In terms of time and space complexities, our scheme is 50 to 100 times more efficient than Canard and Gouget's work in the spend protocol at the cost of an 10 to 500 (the large range is due to whether pre-processing is taken into account and the probabilistic nature of our withdrawal protocol) times less efficient withdrawal protocol. We believe this trade-off between the withdrawal protocol and the spend protocol is reasonable as the former protocol is to be executed much less frequent than the latter. Nonetheless, while their scheme provides an affirmative answer to whether divisible e-cash can be truly anonymous, our result puts it a step further and we show that truly anonymous divisible e-cash can be practical.