Cryptology ePrint Archive: Report 2014/785
Divisible E-Cash Made Practical
Sébastien Canard, David Pointcheval, Olivier Sanders and Jacques Traoré
Abstract: Divisible E-cash systems allow users to withdraw a unique coin of value $2^n$ from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions.
The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem.
Category / Keywords: public-key cryptography / Divisible E-cash, Untraceability, Anonymity.
Original Publication (with major differences): IACR-PKC-2015
Date: received 3 Oct 2014, last revised 23 Mar 2015
Contact author: olivier sanders at orange com
Available format(s): PDF | BibTeX Citation
Note: Minor revisions - Full version of the PKC extended abstract
Version: 20150323:084903 (All versions of this report)
Short URL: ia.cr/2014/785
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]