Paper 2005/060
Compact E-Cash
Jan Camenisch, Susan Hohenberger, and Anna Lysyanskaya
Abstract
This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing 2^l coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the y-DDHI assumptions, where the complexity of the withdrawal and spend operations is O(l+k) and the user's wallet can be stored using O(l+k) bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be O(2^l k). In fact, compared to previous e-cash schemes, our whole wallet of 2^l coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the 2^l coins in her wallet, all her spendings of these coins can be traced. We present two alternate constructions. One construction shares the same complexities with our first result but requires a strong bilinear map assumption that is only conjectured to hold on MNT curves. The second construction works on more general types of elliptic curves, but the price for this is that the complexity of the spending and of the withdrawal protocols becomes O(lk) and O(lk + k^2) bits, respectively, and wallets take O(lk) bits of storage. All our schemes are secure in the random oracle model.
Note: Fixed typo in Sum-Free DDH definition.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. An extended abstract of this paper appeared at Eurocrypt 2005.
- Contact author(s)
- jca @ zurich ibm com
- History
- 2006-03-27: last of 9 revisions
- 2005-02-25: received
- See all versions
- Short URL
- https://ia.cr/2005/060
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2005/060, author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya}, title = {Compact E-Cash}, howpublished = {Cryptology {ePrint} Archive, Paper 2005/060}, year = {2005}, url = {https://eprint.iacr.org/2005/060} }