Cryptology ePrint Archive: Report 2015/318

Practical Divisible E-Cash

Patrick Märtens

Abstract: Divisible e-cash systems allow a user to withdraw a wallet containing K coins and to spend k < K + 1 coins in a single operation, respectively. Independent of the new work of Canard, Pointcheval, Sanders and Traoré (Proceedings of PKC ’15) we present a practical and secure divisible e-cash system in which the bandwidth of each protocol is constant while the system fulfills the standard security requirements (especially which is unforgeable and truly anonymous) in the random oracle model. In other existing divisible e-cash systems that are truly anonymous, either the bandwidth of withdrawing depends on K or the bandwidth of spending depends on k. Moreover, using some techniques of the work of Canard, Pointcheval, Sanders and Traoré we are also able to prove the security in the standard model.

Furthermore, we show an efficient attack against the unforgeability of Canard and Gouget’s divisible e-cash scheme (FC ’10).

Finally, we extend our scheme to a divisible e-cash system that provides withdrawing and spending of an arbitrary value of coins (not necessarily a power of two) and give an extension to a fair e-cash scheme.

Category / Keywords: public-key cryptography / E-Cash, divisible, constant-size, accumulator, pairings, standard model

Date: received 8 Apr 2015, last revised 9 Apr 2015

Contact author: patrickmaertens at gmx de

Available format(s): PDF | BibTeX Citation

Version: 20150411:032803 (All versions of this report)

Short URL: ia.cr/2015/318

Discussion forum: Show discussion | Start new discussion