Paper 2007/148
Practical Compact E-Cash
Man Ho Au, Willy Susilo, and Yi Mu
Abstract
Compact e-cash schemes allow a user to withdraw a wallet containing $k$ coins in a single operation, each of which the user can spend unlinkably. One big open problem for compact e-cash is to allow multiple denominations of coins to be spent efficiently without executing the spend protocol a number of times. In this paper, we give a (\emph{partial}) solution to this open problem by introducing two additional protocols, namely, compact spending and batch spending. Compact spending allows spending all the $k$ coins in one operation while batch spending allows spending any number of coins in the wallet in a single execution. We modify the security model of compact e-cash to accommodate these added protocols and present a generic construction. While the spending and compact spending protocol are of constant time and space complexities, complexities of batch spending is linear in the number of coins to be spent together. Thus, we regard our solution to the open problem as {\it partial}. We provide two instantiations under the $q$-SDH assumption and the LRSW assumption respectively and present security arguments for both instantiations in the random oracle model.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Published elsewhere. This is the full version of the paper that is going to appear in ACISP 2007
- Keywords
- E-Cashconstant-sizecompactbilinear pairings
- Contact author(s)
- mhaa456 @ uow edu au
- History
- 2007-04-25: received
- Short URL
- https://ia.cr/2007/148
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2007/148,
author = {Man Ho Au and Willy Susilo and Yi Mu},
title = {Practical Compact E-Cash},
howpublished = {Cryptology ePrint Archive, Paper 2007/148},
year = {2007},
note = {\url{https://eprint.iacr.org/2007/148}},
url = {https://eprint.iacr.org/2007/148}
}
