Cryptology ePrint Archive: Report 2020/1400

Transferable E-cash: A Cleaner Model and the First Practical Instantiation

Balthazar Bauer and Georg Fuchsbauer and Chen Qian

Abstract: Transferable e-cash is the most faithful digital analog of physical cash, as it allows users to transfer coins between them in isolation, that is, without interacting with a bank or a “ledger”. Appropriate protection of user privacy and, at the same time, providing means to trace fraudulent behavior (double-spending of coins) have made instantiating the concept notoriously hard. Baldimtsi et al. (PKC'15) gave a first instantiation, but, as it relies on a powerful cryptographic primitive, the scheme is not practical. We also point out a flaw in their scheme.

In this paper we revisit the model for transferable e-cash and propose simpler yet stronger security definitions. We then provide the first concrete construction, based on bilinear groups, give rigorous proofs that it satisfies our model, and analyze its efficiency in detail.

Category / Keywords: cryptographic protocols / transferable/offline e-cash, strong anonymity

Date: received 10 Nov 2020, last revised 15 Nov 2020

Contact author: balthazar bauer at ens fr, georg fuchsbauer@tuwien ac at

Available format(s): PDF | BibTeX Citation

Version: 20201115:213606 (All versions of this report)

Short URL: ia.cr/2020/1400


[ Cryptology ePrint archive ]