Paper 2014/785

Divisible E-Cash Made Practical

Sébastien Canard, David Pointcheval, Olivier Sanders, and Jacques Traoré

Abstract

Divisible E-cash systems allow users to withdraw a unique coin of value $2^n$ from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions. The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem.

Note: Minor revisions - Full version of the PKC extended abstract

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in PKC 2015
Keywords
Divisible E-cashUntraceabilityAnonymity.
Contact author(s)
olivier sanders @ orange com
History
2015-03-23: last of 2 revisions
2014-10-07: received
See all versions
Short URL
https://ia.cr/2014/785
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/785,
      author = {Sébastien Canard and David Pointcheval and Olivier Sanders and Jacques Traoré},
      title = {Divisible E-Cash Made Practical},
      howpublished = {Cryptology ePrint Archive, Paper 2014/785},
      year = {2014},
      note = {\url{https://eprint.iacr.org/2014/785}},
      url = {https://eprint.iacr.org/2014/785}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.