Paper 2007/148

Practical Compact E-Cash

Man Ho Au, Willy Susilo, and Yi Mu

Abstract

Compact e-cash schemes allow a user to withdraw a wallet containing k coins in a single operation, each of which the user can spend unlinkably. One big open problem for compact e-cash is to allow multiple denominations of coins to be spent efficiently without executing the spend protocol a number of times. In this paper, we give a (\emph{partial}) solution to this open problem by introducing two additional protocols, namely, compact spending and batch spending. Compact spending allows spending all the coins in one operation while batch spending allows spending any number of coins in the wallet in a single execution. We modify the security model of compact e-cash to accommodate these added protocols and present a generic construction. While the spending and compact spending protocol are of constant time and space complexities, complexities of batch spending is linear in the number of coins to be spent together. Thus, we regard our solution to the open problem as {\it partial}. We provide two instantiations under the -SDH assumption and the LRSW assumption respectively and present security arguments for both instantiations in the random oracle model.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. This is the full version of the paper that is going to appear in ACISP 2007
Keywords
E-Cashconstant-sizecompactbilinear pairings
Contact author(s)
mhaa456 @ uow edu au
History
2007-04-25: received
Short URL
https://ia.cr/2007/148
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/148,
      author = {Man Ho Au and Willy Susilo and Yi Mu},
      title = {Practical Compact E-Cash},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/148},
      year = {2007},
      url = {https://eprint.iacr.org/2007/148}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.