Paper 2009/107

Compact E-Cash and Simulatable VRFs Revisited

Mira Belenkiy, Melissa Chase, Markulf Kohlweiss, and Anna Lysyanskaya


Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a random oracle in its security proof. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter).

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
electronic commerce and payment
Contact author(s)
markulf kohlweiss @ esat kuleuven be
2009-03-11: revised
2009-03-11: received
See all versions
Short URL
Creative Commons Attribution


      author = {Mira Belenkiy and Melissa Chase and Markulf Kohlweiss and Anna Lysyanskaya},
      title = {Compact E-Cash and Simulatable VRFs Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2009/107},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.