A public key cryptosystem and a signature scheme based on discrete logarithms
Proceedings of CRYPTO 84 on Advances in cryptology
On blind signatures and perfect crimes
Computers and Security
Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
How To Break and Repair A "Provably Secure" Untraceable Payment System
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Efficient Group Signature Schemes for Large Groups (Extended Abstract)
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Anonymity Control in E-Cash Systems
FC '97 Proceedings of the First International Conference on Financial Cryptography
Publicly verifiable secret sharing
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Fair Electronic Cash Based on a Group Signature Scheme
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Unlinkable Divisible Electronic Cash
ISW '00 Proceedings of the Third International Workshop on Information Security
Transferable Constant-Size Fair E-Cash
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Provably secure integrated on/off-line electronic cash for flexible and efficient payment
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
INDOCRYPT'05 Proceedings of the 6th international conference on Cryptology in India
Dynamic k-times anonymous authentication
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
IWDW'04 Proceedings of the Third international conference on Digital Watermarking
k-times anonymous authentication with a constant proving cost
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Authorization architectures for privacy-respecting surveillance
EuroPKI'07 Proceedings of the 4th European conference on Public Key Infrastructure: theory and practice
Hi-index | 0.01 |
In a variant of the electronic cash protocol, an electronic coupon protocol, a withdrawn coin is divided into many sub-coins whose face values are fixed in advance, and the sub-coins are only used in payments. The original coin is called ticket and the sub-coins are called sub-tickets. The electronic cash protocol should satisfy not only the anonymity that the payer cannot be traced from the payments, but also the unlinkability. The unlinkability means that anyone cannot determine whether payments were made by the same payer. If the unlinkability does not hold, tracing the payer from one payment leads to tracing the payer from all his/her payments, and the link between the payments also facilitates the de-anonymization. In the previously proposed electronic coupon protocol, payments of sub-tickets derived from the same ticket are linkable. Since the complete anonymity of payments facilitates fraud and criminal acts, the electronic cash protocols should equip the revocation of the anonymity. In this paper, an electronic coupon protocol is proposed, where all payments are unlinkable but the anonymity of the payments can be revoked.