How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Unlinkable Divisible Electronic Cash
ISW '00 Proceedings of the Third International Workshop on Information Security
Divisible E-Cash Systems Can Be Truly Anonymous
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Practical Anonymous Divisible E-Cash from Bounded Accumulators
Financial Cryptography and Data Security
An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
On the Portability of Generalized Schnorr Proofs
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Complex zero-knowledge proofs of knowledge are easy to use
ProvSec'07 Proceedings of the 1st international conference on Provable security
Accumulators from bilinear pairings and applications
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Compact e-cash from bounded accumulator
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Optimal verification of operations on dynamic sets
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Divisible e-cash in the standard model
Pairing'12 Proceedings of the 5th international conference on Pairing-Based Cryptography
Hi-index | 0.00 |
We present a new construction of divisible e-cash that makes use of 1) a new generation method of the binary tree of keys; 2) a new way of using bounded accumulators. The transaction data sent to the merchant has a constant number of bits while spending a monetary value 2ℓ. Moreover, the spending protocol does not require complex zero-knowledge proofs of knowledge such as proofs about double discrete logarithms. We then propose the first strongly anonymous scheme with standard unforgeability requirement and realistic generation parameters while improving the efficiency of the spending phase.