Easy come-easy go divisible cash

Recently, there has been an interest in making electronic cash protocols more practical for electronic commerce by developing e-cash which is divisible (e.g., a coin which can be spent incrementally but total purchases are limited to the monetary value of the coin). In Crypto`95, T. Okamoto presented the first practical divisible, untraceable, off-line e-cash scheme, which requires only O(log N) computations for each of the withdrawal, payment and deposit procedures, where N = (total coin value)/(smallest divisible unit). However, Okamoto`s set-up procedure is quite inefficient (on the order of 4,000 multi-exponentiations and depending on the size of the RSA modulus). The authors formalize the notion of range-bounded commitment, originally used in Okamoto`s account establishment protocol, and present a very efficient instantiation which allows one to construct the first truly efficient divisible e-cash system. The scheme only requires the equivalent of one (1) exponentiation for set-up, less than 2 exponentiations for withdrawal and around 20 for payment, while the size of the coin remains about 300 Bytes. Hence, the withdrawal protocol is 3 orders of magnitude faster than Okamoto`s, while the rest of the system remains equally efficient, allowing for implementation in smart-cards. Similar to Okamoto`s, the scheme is based on proofs whose cryptographic security assumptions are theoretically clarified

Optimally Anonymous and Transferable Conditional E-cash

Transferable conditional electronic-cash (e-cash) allows a payer to spend an e-cash based on the outcome not known in advance. It also allows a payee to spend the e-cash to others, or deposit the e-cash to a bank based on the future outcome. Among security properties, the anonymity of the payer has been widely studied. However, the payer is linkable in the existing conditional e-cash schemes. This paper presents the first optimally anonymous and transferable conditional electronic-cash (e-cash) system based on two recent cryptographic primitives, i.e., the Groth-Sahai(GS) proof system and the commuting signatures, to obtain the user\u27s unlinkability and optimal anonymity. A publisher is introduced to publish the conditions, and is firstly formalized. By dividing the deposit protocol into two parts, the anonymity of the user is obtained in the deposit protocol. Compared with the existing conditional e-cash schemes, this scheme has the constant size for the computation and communication. Finally, we give the security proof in the standard model

Theoretical examination and practical implementation on cryptography algorithms, digital money protocols and related applications.

by Shek Wong.Thesis submitted in: December 1997.Thesis (M.Phil.)--Chinese University of Hong Kong, 1998.Includes bibliographical references (leaves 90-[94]).Abstract also in Chinese.Chapter 1 --- Introduction --- p.1Chapter 1.1 --- Electronic Commerce --- p.3Chapter 1.2 --- Electronic Cash --- p.7Chapter 1.3 --- What This Report Contains --- p.9Chapter 2 --- Cryptographic Background --- p.11Chapter 2.1 --- Euler Totient Function --- p.12Chapter 2.2 --- Fermat's Little Theorem --- p.12Chapter 2.3 --- Quadratic Residues --- p.12Chapter 2.4 --- Legendre Symbol --- p.13Chapter 2.5 --- Jacobi Symbol --- p.14Chapter 2.6 --- Blum Integer --- p.16Chapter 2.7 --- Williams Integer --- p.18Chapter 2.8 --- The Quadratic Residuosity Problem --- p.19Chapter 2.9 --- The Factorization Problem --- p.20Chapter 2.10 --- The Discrete Logarithm Problem --- p.20Chapter 2.11 --- One-way Functions --- p.21Chapter 2.12 --- Blind Signature --- p.22Chapter 2.13 --- Cut-and-choose Methodology --- p.24Chapter 3 --- Anatomy and Panorama of Electronic Cash --- p.26Chapter 3.1 --- Anatomy of Electronic Cash --- p.26Chapter 3.1.1 --- Three Functions and Six Criteria --- p.28Chapter 3.1.2 --- Untraceable --- p.29Chapter 3.1.3 --- Online and Off-line --- p.30Chapter 3.1.4 --- Security --- p.32Chapter 3.1.5 --- Transferability --- p.33Chapter 3.2 --- Panorama of Electronic Cash --- p.34Chapter 3.2.1 --- First Model of Off-line Electronic Cash --- p.34Chapter 3.2.2 --- Successors --- p.35Chapter 3.2.3 --- Binary Tree Based Divisible Electronic Cash --- p.36Chapter 4 --- Spending Limit Enforced Electronic Cash --- p.37Chapter 4.1 --- Introduction to Spending Limit Enforced Electronic Cash --- p.37Chapter 4.2 --- The Scheme --- p.41Chapter 4.3 --- An Example --- p.44Chapter 4.4 --- Techniques --- p.47Chapter 4.5 --- Security and Efficiency --- p.51Chapter 5 --- Interest-bearing Electronic Cash --- p.53Chapter 5.1 --- Introduction to Interest-bearing Electronic Cash --- p.53Chapter 5.2 --- An Example --- p.55Chapter 5.3 --- The Scheme --- p.55Chapter 5.4 --- Security --- p.57Chapter 5.5 --- An Integrated Scheme --- p.58Chapter 5.6 --- Applications --- p.59Chapter 6 --- Abacus Type Electronic Cash --- p.61Chapter 6.1 --- Introduction --- p.61Chapter 6.2 --- Abacus Model --- p.63Chapter 6.3 --- Divisible Abacus Electronic Coins --- p.66Chapter 6.3.1 --- Binary Tree Abacus Approach --- p.66Chapter 6.3.2 --- Multi-tree Approach --- p.57Chapter 6.3.3 --- Analysis --- p.69Chapter 6.4 --- Abacus Electronic Cash System --- p.71Chapter 6.4.1 --- Opening Protocol --- p.71Chapter 6.4.2 --- Withdrawal Protocol --- p.74Chapter 6.4.3 --- Payment and Deposit Protocol --- p.75Chapter 6.5 --- Anonymity and System Efficiency --- p.78Chapter 7 --- Conclusions --- p.80Chapter A --- Internet Payment Systems --- p.82Chapter A.1 --- Bare Web FORM --- p.82Chapter A.2 --- Secure Web FORM Payment System --- p.85Chapter A.3 --- Membership Type Payment System --- p.86Chapter A.4 --- Agent Based Payment System --- p.87Chapter A.5 --- Internet-based POS --- p.87B Papers derived from this thesis --- p.89Bibliography --- p.9