Paper 2020/614

Lattice-Based E-Cash, Revisited

Amit Deo, Benoit Libert, Khoa Nguyen, and Olivier Sanders


Electronic cash (e-cash) was introduced 40 years ago as the digital analogue of traditional cash. It allows users to withdraw electronic coins that can be spent anonymously with merchants. As advocated by Camenisch et al. (Eurocrypt 2005), it should be possible to store the withdrawn coins compactly (i.e., with logarithmic cost in the total number of coins), which has led to the notion of compact e-cash. Many solutions were proposed for this problem but the security proofs of most of them were invalidated by a very recent paper by Bourse et al. (Asiacrypt 2019). The same paper describes a generic way of fixing existing constructions/proofs but concrete instantiations of this patch are currently unknown in some settings. In particular, compact e-cash is no longer known to exist under quantum-safe assumptions. In this work, we resolve this problem by proposing the first secure compact e-cash system based on lattices following the result from Bourse et al. Contrarily to the latter work, our construction is not only generic, but we describe two concrete instantiations. We depart from previous frameworks of e-cash systems by leveraging lossy trapdoor functions to construct our coins. The indistinguishability of lossy and injective keys allows us to avoid the very strong requirements on the involved pseudo-random functions that were necessary to instantiate the generic patch proposed by Bourse et al.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in ASIACRYPT 2020
Lattice-based cryptographye-cashanonymityexculpabilityprovable security
Contact author(s)
amit deo @ ens-lyon fr
benoit libert @ ens-lyon fr
khoantt @ ntu edu sg
olivier sanders @ orange com
2020-09-03: revised
2020-05-25: received
See all versions
Short URL
Creative Commons Attribution


      author = {Amit Deo and Benoit Libert and Khoa Nguyen and Olivier Sanders},
      title = {Lattice-Based E-Cash, Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2020/614},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.