More Compact E-Cash with Efficient Coin Tracing

In 1982, Chaum \cite{Chaum82} pioneered the anonymous e-cash which finds many applications in e-commerce. In 1993, Brands \cite{Brands93apr,Brands93,Brands93tm} and Ferguson \cite Ferguson93c,Ferguson93} published on single-term offline anonymous e-cash which were the first practical e-cash. Their constructions used blind signatures and were inefficient to implement multi-spendable e-cash. In 1995, Camenisch, Hohenberger, and Lysyanskaya \cite{CaHoLy05} gave the first compact $2^\ell$-spendable e-cash, using zero-knowledge-proof techniques. They left an open problem of the simultaneous attainment of $O(1)$-unit wallet size and efficient coin tracing. The latter property is needed to revoke {\em bad} coins from over-spenders. In this paper, we solve \cite{CaHoLy05}\u27s open problem, and thus enable the first practical compact e-cash. We use a new technique whose security reduces to a new intractability Assumption: the {\em Decisional Harmonic-Relationed Diffie-Hellman (DHRDH) Assumption}

Anonymous, authentic, and accountable resource management based on the E-cash paradigm

The prevalence of digital information management in an open network has driven the need to maintain balance between anonymity, authenticity and accountability (AAA). Anonymity allows a principal to hide its identity from strangers before trust relationship is established. Authenticity ensures the correct identity is engaged in the transaction even though it is hidden. Accountability uncovers the hidden identity when misbehavior of the principal is detected. The objective of this research is to develop an AAA management framework for secure resource allocations. Most existing resource management schemes are designed to manage one or two of the AAA attributes. How to provide high strength protection to all attributes is an extremely challenging undertaking. Our study shows that the electronic cash (E-cash) paradigm provides some important knowledge bases for this purpose. Based on Chaum-Pederson’s general transferable E-cash model, we propose a timed-zero-knowledge proof (TZKP) protocol, which greatly reduces storage spaces and communication overheads for resource transfers, without compromising anonymity and accountability. Based on Eng-Okamoto’s general divisible E-cash model, we propose a hypercube-based divisibility framework, which provides a sophisticated and flexible way to partition a chunk of resources, with different trade-offs in anonymity protection and computational costs, when it is integrated with different sub-cube allocation schemes. Based on the E-cash based resource management framework, we propose a privacy preserving service oriented architecture (SOA), which allows the service providers and consumers to exchange services without leaking their sensitive data. Simulation results show that the secure resource management framework is highly practical for missioncritical applications in large scale distributed information systems

Transferable Constant-Size Fair E-Cash

International audienceWe propose a new blind certification protocol that provides interesting properties while remaining efficient. It falls in the Groth-Sahai framework for witness-indistinguishable proofs, thus extended to a certified signature it immediately yields non-frameable group signatures. We then use it to build an efficient (offline) e-cash system that guarantees user anonymity and transferability of coins without increasing their size. As required for fair e-cash, in case of fraud, anonymity can be revoked by an authority, which is also crucial to deter from double spending

Advances in signatures, encryption, and E-Cash from bilinear groups

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (p. 147-161).We present new formal definitions, algorithms, and motivating applications for three natural cryptographic constructions. Our constructions are based on a special type of algebraic group called bilinear groups. 1. Re-Signatures: We present the first public key signature scheme where a semi-trusted proxy, given special information, can translate Alice's signature on a message into Bob's signature on the same message. The special information, however, allows nothing else, i.e., the proxy cannot translate from Bob to Alice, nor can it sign on behalf of either Alice or Bob. We show that a path through a graph can be cheaply authenticated using this scheme, with applications to electronic passports. 2. Re-Encryption: We present the first public key cryptosystem where a semi-trusted proxy, given special information, can translate an encryption of a message under Alice's key into an encryption of the same message under Bob's key. Again, the special information allows nothing else, i.e. the proxy cannot translate from Bob to Alice, decrypt on behalf of either Alice or Bob, or learn anything else about the message. We apply this scheme to create a new mechanism for secure distributed storage.(cont.) 3. Compact; E-Cash with Tracing and Bounded-Anonymity: We present an offline e-cash system where 2 coins can be stored in O(e + k) bits and withdrawn or spent in 0(f + k) time, where k is the security parameter. The best previously known schemes required at least one of these complexities to be 0(2t . k). In our system, a user's transactions are anonymous and unlinkable, unless she performs a forbidden action, such as double-spending a coin. Performing a forbidden action reveals the identity of the user, and optionally allows to trace all of her past transactions. We provide solutions without using a trusted party. We argue why features of our system are likely to be crucial to the adoption of any e-cash system.by Susan Hohenberger.Ph.D