Amortized E-Cash

  title={Amortized E-Cash},
  author={Moses D. Liskov and Silvio Micali},
  booktitle={Financial Cryptography},
We present an e-cash scheme which provides a trade-off between anonymity and efficiency, by amortizingth e cost of zero-knowledge and signature computation in the cash generation phase.Our work solves an open problem of Okamoto in divisible e-cash. Namely, we achieve results similar to those of Okamoto, but (1) based on traditional complexity assumptions (rather than ad hoc ones), and (2) within a much crisper definitional framework that highlights the anonymity properties, and (3) in a simple… 

A Stronger Definition for Anonymous Electronic Cash

  • Mårten Trolin
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2006
This work defines and proves the existence of simulation-sound non-interactive zeroknowledge proofs (NIZK-PK) in the CRS-model under the assumption that a family of trapdoor permutations exists.

Electronic Cash and Hierarchical Group Signatures

This thesis investigates definitions of security for previously proposed schemes for electronic cash and strengthen them so that the bank does need to be trusted to the same extent and introduces the notion of hierarchical group signatures, which allows multiple group managers organized in a tree with the signers as leaves.

Advances in signatures, encryption, and E-Cash from bilinear groups

This work presents the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signatures on the same message, and presents new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions.

Practical E-Cash



Cost-Effective Payment Schemes with Privacy Regulation

A new electronic money methodology is introduced: sub-contracting the blinding to a trustee and using an Identity-based piece of information to achieve provable privacy and security.

Practical Escrow Cash System

This paper proposes practical escrow cash schemes with the following properties: The privacy of users is preserved, unless all (or a certain portion) of the trustees collaborate. If all (or

Auditable, Anonymous Electronic Cash Extended Abstract

Most anonymous, electronic cash systems are signature-based, which means that in these systems the bank has the technical ability to issue unreported, valid money.

Anonymity Control in E-Cash Systems

Electronic cash, and other cryptographic payment systems, offer a level of user anonymity during a purchase, in order to emulate electronically the properties of physical cash exchange. However, it

Efficient scalable fair cash with off-line extortion prevention

This paper proposes a new efficient fair cash system which offers scalable security with respect to its efficiency and prevents extortion attacks, like blackmailing or the use of blindfolding protocols under off-line payments and with the involvement of the trustee only at registration of the users.

Single-Term Divisible Electronic Coins

This paper presents the construction of more efficient “divisible” off-line electronic coin schemes that are “single-term”, and examines some coin systems based on the “disposable authentication” paradigm, and shows that a specific type of “Disposable authenticated” coin system can be extended to handle divisible coins using the authors' techniques.

The All-or-Nothing Nature of Two-Party Secure Computation

It is proved that, if any non-trivial function can be so computed, then so can every function, and the complexity assumptions sufficient and/or required for computationally securely computing f are the same for every non-Trivialfunction f.

A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge

Additional features are introduced in order to provide: firstly, a mutual interactive authentication of both communicating entities and previously exchanged messages, and, secondly, a digital signature of messages, with a non-interactive zero-knowledge protocol.

Untraceable Off-line Cash in Wallets with Observers (Extended Abstract)

The electronic cash scheme in [Fer93a] can be extended to provide n-spendable coins and observers can be incorporated in the protocols to provide prior restraint against double spending by the user, instead of just detection after the fact.

Revokable and versatile electronic money (extended abstract)

The proposed scheme is efficient and easily extends the basic needs of a practical payment scheme to allow for coin divisibility, checks, credit card purchases and surety bonds, and is robust against problems arising from spurious equipment.