Cryptology ePrint Archive: Report 2015/318
Practical Divisible E-Cash
Abstract: Divisible e-cash systems allow a user to withdraw a wallet containing K coins and to spend k < K + 1 coins in a single operation, respectively. Independent of the new work of Canard, Pointcheval, Sanders and Traoré (Proceedings of PKC ’15) we present a practical and secure divisible e-cash system in which the bandwidth of each protocol is constant while the system fulfills the standard security
requirements (especially which is unforgeable and truly anonymous) in the random oracle model. In other existing divisible e-cash systems that are truly anonymous, either the bandwidth of withdrawing
depends on K or the bandwidth of spending depends on k. Moreover, using some techniques of the work of Canard, Pointcheval, Sanders and Traoré we are also able to prove the security in the standard model.
Furthermore, we show an efficient attack against the unforgeability of Canard and Gouget’s divisible e-cash scheme (FC ’10).
Finally, we extend our scheme to a divisible e-cash system that provides withdrawing and spending of an arbitrary value of coins (not necessarily a power of two) and give an extension to a fair e-cash
Category / Keywords: public-key cryptography / E-Cash, divisible, constant-size, accumulator, pairings, standard model
Date: received 8 Apr 2015, last revised 9 Apr 2015
Contact author: patrickmaertens at gmx de
Available format(s): PDF | BibTeX Citation
Version: 20150411:032803 (All versions of this report)
Short URL: ia.cr/2015/318
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]