Paper 2020/614
Lattice-Based E-Cash, Revisited
Amit Deo, Benoit Libert, Khoa Nguyen, and Olivier Sanders
Abstract
Electronic cash (e-cash) was introduced 40 years ago as the digital analogue of traditional cash. It allows users to withdraw electronic coins that can be spent anonymously with merchants. As advocated by Camenisch et al. (Eurocrypt 2005), it should be possible to store the withdrawn coins compactly (i.e., with logarithmic cost in the total number of coins), which has led to the notion of compact e-cash. Many solutions were proposed for this problem but the security proofs of most of them were invalidated by a very recent paper by Bourse et al. (Asiacrypt 2019). The same paper describes a generic way of fixing existing constructions/proofs but concrete instantiations of this patch are currently unknown in some settings. In particular, compact e-cash is no longer known to exist under quantum-safe assumptions. In this work, we resolve this problem by proposing the first secure compact e-cash system based on lattices following the result from Bourse et al. Contrarily to the latter work, our construction is not only generic, but we describe two concrete instantiations. We depart from previous frameworks of e-cash systems by leveraging lossy trapdoor functions to construct our coins. The indistinguishability of lossy and injective keys allows us to avoid the very strong requirements on the involved pseudo-random functions that were necessary to instantiate the generic patch proposed by Bourse et al.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- A major revision of an IACR publication in ASIACRYPT 2020
- Keywords
- Lattice-based cryptographye-cashanonymityexculpabilityprovable security
- Contact author(s)
-
amit deo @ ens-lyon fr
benoit libert @ ens-lyon fr
khoantt @ ntu edu sg
olivier sanders @ orange com - History
- 2020-09-03: revised
- 2020-05-25: received
- See all versions
- Short URL
- https://ia.cr/2020/614
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/614, author = {Amit Deo and Benoit Libert and Khoa Nguyen and Olivier Sanders}, title = {Lattice-Based E-Cash, Revisited}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/614}, year = {2020}, url = {https://eprint.iacr.org/2020/614} }