Paper 2015/318

Practical Divisible E-Cash

Patrick Märtens

Abstract

Divisible e-cash systems allow a user to withdraw a wallet containing K coins and to spend k < K + 1 coins in a single operation, respectively. Independent of the new work of Canard, Pointcheval, Sanders and Traoré (Proceedings of PKC ’15) we present a practical and secure divisible e-cash system in which the bandwidth of each protocol is constant while the system fulfills the standard security requirements (especially which is unforgeable and truly anonymous) in the random oracle model. In other existing divisible e-cash systems that are truly anonymous, either the bandwidth of withdrawing depends on K or the bandwidth of spending depends on k. Moreover, using some techniques of the work of Canard, Pointcheval, Sanders and Traoré we are also able to prove the security in the standard model. Furthermore, we show an efficient attack against the unforgeability of Canard and Gouget’s divisible e-cash scheme (FC ’10). Finally, we extend our scheme to a divisible e-cash system that provides withdrawing and spending of an arbitrary value of coins (not necessarily a power of two) and give an extension to a fair e-cash scheme.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
E-Cashdivisibleconstant-sizeaccumulatorpairingsstandard model
Contact author(s)
patrickmaertens @ gmx de
History
2015-04-11: received
Short URL
https://ia.cr/2015/318
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/318,
      author = {Patrick Märtens},
      title = {Practical Divisible E-Cash},
      howpublished = {Cryptology ePrint Archive, Paper 2015/318},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/318}},
      url = {https://eprint.iacr.org/2015/318}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.