## Cryptology ePrint Archive: Report 2014/785

Sébastien Canard, David Pointcheval, Olivier Sanders and Jacques Traoré

Abstract: Divisible E-cash systems allow users to withdraw a unique coin of value $2^n$ from a bank, and then to spend it in several transactions with distinct merchants. In such a system, users want their transactions to remain anonymous, whereas the bank wants to prevent, or at least detect, double-spending and to trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were proven secure only in the random oracle model, and still with either weak security models or quite complex settings and thus costly constructions. The unique proposal secure in the standard model appeared recently and is impractical. As evidence, its authors left the construction of an efficient scheme secure in this model as an open problem.

Category / Keywords: public-key cryptography / Divisible E-cash, Untraceability, Anonymity.

Original Publication (with major differences): IACR-PKC-2015

Date: received 3 Oct 2014, last revised 23 Mar 2015

Contact author: olivier sanders at orange com

Note: Minor revisions - Full version of the PKC extended abstract

Short URL: ia.cr/2014/785
