RIS ID
12987
Abstract
We present a bandwidth-efficient off-line anonymous e-cash scheme with traceable coins. Once a user double-spends, his identity can be revealed and all his coins in the system can be traced, without resorting to TTP. For a security level comparable with 1024-bit standard RSA signature, the payment transcript size is only 512 bytes. Security of the proposed scheme is proven under the q-strong Diffie-Hellman assumption and the decisional linear assumption, in the random oracle model. The transcript size of our scheme can be further reduced to 192 bytes if external Diffie-Hellman assumption is made. Finally, we propose a variant such that there exists a TTP with the power to revoke the identity of a payee and trace all coins from the same user, which may be desirable when a malicious user is identified by some non-cryptographic means.
Publication Details
Au, M., Chow, S., & Susilo, W. (2005). Short E-Cash. In S. Maitra, C. Madhavan & R. Venkatesan (Eds.), International Conference on Cryptology in India (pp. 332-346). Berlin, Germany: Springer.