From 71cf852ab5e05f7ee495b6b334dad1d3c18a0c46 Mon Sep 17 00:00:00 2001
From: Jeff Burdges
Date: Tue, 8 Nov 2016 15:41:06 +0100
Subject: Compact E-Cash discussion

---
 doc/paper/taler.bib | 32 ++++++++++++++++++++++++--------
 doc/paper/taler.tex | 28 +++++++++++++++++++++++++---
 2 files changed, 49 insertions(+), 11 deletions(-)
(limited to 'doc')

diff --git a/doc/paper/taler.bib b/doc/paper/taler.bib
index 67bf07c25..663309259 100644
--- a/doc/paper/taler.bib
+++ b/doc/paper/taler.bib
@@ -99,14 +99,30 @@
 
 
 @inproceedings{Camenisch05compacte-cash,
- author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
- title = {Compact e-cash},
- booktitle = {In EUROCRYPT, volume 3494 of LNCS},
- year = {2005},
- pages = {302--321},
- publisher = {Springer-Verlag}
- url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
- url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+ author = {Jan Camenisch and Susan Hohenberger and Anna Lysyanskaya},
+ title = {Compact e-cash},
+ booktitle = {In EUROCRYPT, volume 3494 of LNCS},
+ year = {2005},
+ pages = {302--321},
+ publisher = {Springer-Verlag},
+ url = {http://cs.brown.edu/~anna/papers/chl05-full.pdf},
+ url_citeseerx = {http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.136.4640}
+}
+
+
+@Inbook{ST99,
+ author="Sander, Tomas and Ta-Shma, Amnon",
+ editor="Wiener, Michael",
+ title="Auditable, Anonymous Electronic Cash",
+ bookTitle="Advances in Cryptology --- CRYPTO' 99: 19th Annual International Cryptology Conference Santa Barbara, California, USA, August 15--19, 1999 Proceedings",
+ year="1999",
+ publisher="Springer Berlin Heidelberg",
+ address="Berlin, Heidelberg",
+ pages="555--572",
+ isbn="978-3-540-48405-9",
+ doi="10.1007/3-540-48405-1_35",
+ doi_url="http://dx.doi.org/10.1007/3-540-48405-1_35",
+ url = {http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf"}
 }
 
 
diff --git a/doc/paper/taler.tex b/doc/paper/taler.tex
index 19b1b19f5..c1b38ae12 100644
--- a/doc/paper/taler.tex
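Review bot: The `url` field of the new `ST99` entry ends in `ST.crypto99.pdf"}`, so a stray double quote becomes part of the URL and the link will not resolve; it should read `url = {http://www.cs.tau.ac.il/~amnon/Papers/ST.crypto99.pdf}`. The entry is typed `@Inbook` although it describes a paper in the CRYPTO '99 proceedings, and the standard BibTeX styles do not print `bookTitle` for that type, so the proceedings name would likely be dropped from the reference; `@inproceedings` with `booktitle` fits the data. `doi_url` repeats what `doi` already carries and points at the old `dx.doi.org` resolver over plain http, so the bare `doi` field is enough.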
+++ b/doc/paper/taler.tex 
@@ -292,15 +292,37 @@ multiple transactions can be linked to each other. Performing fractional payments using $k$-show signatures is also rather expensive. -% For longer non-conference version : -% -Add note on Carmenisch's compact e-cash withdrawals \cite{Camenisch05compacte-cash} -% -Add note on Merkle tree based scheme that inspired Zerocash +In pure blind signature based schemes like Taler, withdrawal and spend +operations require bandwidth logarithmic in the value being withdrawn +or spent. In \cite{Camenisch05compacte-cash}, there is a zero-knoledge +scheme that improves upon this, requiring only constant bandwidth for +withdrawals and spend operations, but sadly the exchanges' storage and +search costs become lienar in the total value of all transactions. +In princile, one could correct this by adding multiple denominations, +an open problem stated already in \cite{Camenisch05compacte-cash}. +As described, the scheme employs offline double spending protection, +which inherently makes it fragile and create an wholey unneccasry +deanonymization risk. We believe the offline protection from double +spending could be removed, thus switching the scheme to only protection +against online doulbe spending, like Taler. +Along with fixing these two issues, an interesting applied research project +would be to add partial spending and a form of Taler's refresh protocol. +At present, we feel these relatively new cryptographic techniques incur +unacceptable financial risks to the exchange, due to underdeveloped +implementation practice. + +In this vein, there are pure also zero-knoledge proof based schemes +like \cite{ST99}, and subsequently Zerocash~\cite{zerocash}, and maybe +varations on BOLT~\cite{BOLT}, that avoid using any denomination-like +constructs, slightly reducing metadata leakage. At present, these all +incur excessive bandwidth or computational costs however. 
%Some argue that the focus on technically perfect but overwhelmingly %complex protocols, as well as the the lack of usable, practical %solutions lead to an abandonment of these ideas by %practitioners~\cite{selby2004analyzing}. +% FIXME: Move to top of section? % FIXME: ask OpenCoin dev's about this! Then make statement firmer! To our knowledge, the only publicly available effort to implement Chaum's idea is Opencoin~\cite{dent2008extensions}. However, Opencoin -- cgit v1.2.3
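Review bot: The added paragraphs carry misspellings that will reach the typeset paper: `zero-knoledge` (twice) should be `zero-knowledge`, `lienar` should be `linear`, `princile` `principle`, `wholey unneccasry` `wholly unnecessary`, `doulbe` `double` and `varations` `variations`; `create an` should read `creates a`, and `pure also` is transposed. The sentence on offline double-spending protection asserts a deanonymization risk without naming the mechanism; if the intended argument is that a double spend reveals the spender's identity, a clause such as `since a double spend, even an accidental one after restoring a wallet backup, reveals the spender's identity` would let readers assess the claim. `\cite{zerocash}` and `\cite{BOLT}` are used here, but the taler.bib hunk of this commit adds only `ST99`, so confirm both keys already exist in the bibliography.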