Security without identification: transaction systems to make big brother obsolete
Communications of the ACM
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A non-interactive electronic cash system
CIAC '94 Proceedings of the second Italian conference on Algorithms and complexity
Secure and Efficient Off-Line Digital Money (Extended Abstract)
ICALP '93 Proceedings of the 20th International Colloquium on Automata, Languages and Programming
Communication Efficient Zero-Knowledge Proofs of Knowledge (With Applications to Electronic Cash)
STACS '92 Proceedings of the 9th Annual Symposium on Theoretical Aspects of Computer Science
Protocols for secure computations
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Robustness Principles for Public Key Protocols
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Proving a Shuffle Using Representations of the Symmetric Group
Information Security and Cryptology --- ICISC 2008
Anonymous NIZK proofs of knowledge with preprocessing
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
At Eurocrypt '94, Stefano D'Amiano and Giovanni Di Crescenzo presented a protocol for untraceable electronic cash based on non-interactive zero-knowledge proofs of knowledge with preprocessing. It was supposed to be provably secure given this and a few other general cryptographic tools. We show that this protocol nevertheless does not provide any untraceability and has some further weaknesses. We also break another "provably secure" system proposed by Di Crescenzo at CIAC 94. This is the second case of problems with "provably secure" payment systems. Moreover, yet another system with this name tacitly solves a much weaker problem than the seminal paper by Chaum, Fiat, and Naor and most other "practical" papers in this field (de Santis and Persiano, STACS 92). We therefore identify some principal problems with definitions and proofs of such schemes, and sketch better ways to handle them.