Cryptology ePrint Archive: Report 2007/148

Practical Compact E-Cash

Man Ho Au and Willy Susilo and Yi Mu

Abstract: Compact e-cash schemes allow a user to withdraw a wallet containing $k$ coins in a single operation, each of which the user can spend unlinkably. One big open problem for compact e-cash is to allow multiple denominations of coins to be spent efficiently without executing the spend protocol a number of times. In this paper, we give a (\emph{partial}) solution to this open problem by introducing two additional protocols, namely, compact spending and batch spending. Compact spending allows spending all the $k$ coins in one operation while batch spending allows spending any number of coins in the wallet in a single execution.

We modify the security model of compact e-cash to accommodate these added protocols and present a generic construction. While the spending and compact spending protocol are of constant time and space complexities, complexities of batch spending is linear in the number of coins to be spent together. Thus, we regard our solution to the open problem as {\it partial}.

We provide two instantiations under the $q$-SDH assumption and the LRSW assumption respectively and present security arguments for both instantiations in the random oracle model.

Category / Keywords: public-key cryptography / E-Cash, constant-size, compact, bilinear pairings

Publication Info: This is the full version of the paper that is going to appear in ACISP 2007

Date: received 24 Apr 2007

Contact author: mhaa456 at uow edu au

Available formats: PDF | BibTeX Citation

Version: 20070425:081325 (All versions of this report)

Discussion forum: Show discussion | Start new discussion