How to break another "provably secure" payment system

Authors:
Birgit Pfitzmann;Matthias Schunter;Michael Waidner
Affiliations:
Universität Hildesheim, Institut für Informatik, Hildesheim, Germany;Universität Hildesheim, Institut für Informatik, Hildesheim, Germany;Institut für Rechnerentwurf und Fehlertoleranz, Universität Karlsruhe, Karlsruhe, Germany
Venue:
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Year:
1995

Citing 6
Cited 3

Security without identification: transaction systems to make big brother obsolete

Communications of the ACM
Sorting out signature schemes

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A non-interactive electronic cash system

CIAC '94 Proceedings of the second Italian conference on Algorithms and complexity
Secure and Efficient Off-Line Digital Money (Extended Abstract)

ICALP '93 Proceedings of the 20th International Colloquium on Automata, Languages and Programming
Communication Efficient Zero-Knowledge Proofs of Knowledge (With Applications to Electronic Cash)

STACS '92 Proceedings of the 9th Annual Symposium on Theoretical Aspects of Computer Science
Protocols for secure computations

SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science

Robustness Principles for Public Key Protocols

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Proving a Shuffle Using Representations of the Symmetric Group

Information Security and Cryptology --- ICISC 2008
Anonymous NIZK proofs of knowledge with preprocessing

EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques

Quantified Score

Hi-index	0.00

Visualization

Abstract

At Euroctypt '94, Stefano D'Amiano and Giovanni Di Crescenzo presented a protocol for untraceable electronic cash based on non-interactive zero-knowledge proofs of knowledge with preprocessing. It was supposed to be provably secure given this and a few other general cryptographic tools. We show that this protocol nevertheless does not provide any untraceability and has some further weaknesses. We also break another "provably secure" system proposed by Di Crescenzo at CIAC 94. This is the second case of problems with "provably secure" payment systems. Moreover, yet another system with this name tacitly solves a much weaker problem than the seminal paper by Chaum, Fiat, and Naor and most other "practical" papers in this field (de Santis and Persiano, STACS 92). We therefore identify some principal problems with definitions and proofs of such schemes, and sketch better ways to handle them.