The subliminal channel and digital signatures
Proc. of the EUROCRYPT 84 workshop on Advances in cryptology: theory and application of cryptographic techniques
On blind signatures and perfect crimes
Computers and Security
Untraceable off-line cash in wallet with observers
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Trustee-based tracing extensions to anonymous cash and the making of anonymous change
Proceedings of the sixth annual ACM-SIAM symposium on Discrete algorithms
Secure and Efficient Off-Line Digital Money (Extended Abstract)
ICALP '93 Proceedings of the 20th International Colloquium on Automata, Languages and Programming
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Wallet Databases with Observers
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Extensions of Single-term Coins
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
"Indirect Discourse Proof": Achieving Efficient Fair Off-Line E-cash
ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Hi-index | 0.00 |
For real-world applications digital coin systems, i.e., off-line payment systems offering not only the unforgeability of conventional coins but also the anonymity of customers making purchases, need to have some additional features. One of these additional features is the hardware protection of the system, provided by dedicated tamper-resistant devices called observers which are used to physically prevent illegitimate copying of coins. Another essential feature for practical applications is anonymity-revocation mechanisms. Basically, digital coin systems guarantee perfect anonymity, i.e., the bank cannot link views of the withdrawal and payments in order to determine whether or not a customer spent her money at a certain shop. The customer's privacy protection is the main difference between coin systems and those based on credit card or cheque based systems. While privacy protection is a desirable property of cash systems, perfect anonymity is not. Perfect anonymity makes possible perfect blackmailing or money laundering. To prevent such "perfect crime" it must be possible to revoke the anonymity of customers in case of need. Anonymity revocation is done by a trusted third party. Cash systems that allow anonymity revocation are called fair. We present a coin system featuring both observer and fairness, showing that both concepts do not interfere with each other and can be implemented simultaneously without loss of security. We prove this claim not only by presenting a fair variant of the Brands' coin system but additionally by outlining a generic framework for fair wallets in which essentially any blind signature scheme can be used. Unlike other fair off-line coin systems, fairness is implemented with the help of the observer, thereby reducing the computational effort during the withdrawal.