@INPROCEEDINGS{camenisch2007endorsed, author={J. Camenisch and A. Lysyanskaya and M. Meyerovich}, booktitle={2007 IEEE Symposium on Security and Privacy (SP '07)}, title={Endorsed E-Cash}, year={2007}, pages={101-115}, keywords={electronic money;protocols;e-cash;electronic cash scheme;fair exchange protocol;lightweight endorsement;onion routing;Authentication;Cryptographic protocols;Cryptography;Digital signatures;Explosions;Information security;Merchandise;Privacy;Routing}, doi={10.1109/SP.2007.15}, ISSN={1081-6011}, month={May}, } @Inbook{chaum1983, author="Chaum, David", editor="Chaum, David and Rivest, Ronald L. and Sherman, Alan T.", title="Blind Signatures for Untraceable Payments", bookTitle="Advances in Cryptology: Proceedings of Crypto 82", year="1983", publisher="Springer US", address="Boston, MA", pages="199--203", abstract="Automation of the way we pay for goods and services is already underway, as can be seen by the variety and growth of electronic banking services available to consumers. The ultimate structure of the new electronic payments system may have a substantial impact on personal privacy as well as on the nature and extent of criminal use of payments. Ideally a new payments system should address both of these seemingly conflicting sets of concerns.", isbn="978-1-4757-0602-4", doi="10.1007/978-1-4757-0602-4_18", url="https://doi.org/10.1007/978-1-4757-0602-4_18" } @Inbook{chaum1990, author="Chaum, David and Fiat, Amos and Naor, Moni", editor="Goldwasser, Shafi", title="Untraceable Electronic Cash", bookTitle="Advances in Cryptology --- CRYPTO' 88: Proceedings", year="1990", publisher="Springer New York", address="New York, NY", pages="319--327", abstract="The use of credit cards today is an act of faith on the part of all concerned. Each party is vulnerable to fraud by the others, and the cardholder in particular has no protection against surveillance.", isbn="978-0-387-34799-8", doi="10.1007/0-387-34799-2_25", url="https://doi.org/10.1007/0-387-34799-2_25" } @Inbook{pointcheval2017, author="Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques", editor="Fehr, Serge", title="Cut Down the Tree to Achieve Constant Complexity in Divisible E-cash", bookTitle="Public-Key Cryptography -- PKC 2017: 20th IACR International Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, March 28-31, 2017, Proceedings, Part I", year="2017", publisher="Springer Berlin Heidelberg", address="Berlin, Heidelberg", pages="61--90", abstract="Divisible e-cash, proposed in 1991 by Okamoto and Ohta, addresses a practical concern of electronic money, the problem of paying the exact amount. Users of such systems can indeed withdraw coins of a large value N and then divide it into many pieces of any desired values {\$}{\$}V{\backslash}le N{\$}{\$} . Such a primitive therefore allows to avoid the use of several denominations or change issues. Since its introduction, many constructions have been proposed but all of them make use of the same framework: they associate each coin with a binary tree, which implies, at least, a logarithmic complexity for the spendings.", isbn="978-3-662-54365-8", doi="10.1007/978-3-662-54365-8_4", url="https://doi.org/10.1007/978-3-662-54365-8_4" } @Inbook{canard2015divisible, author="Canard, S{\'e}bastien and Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques", editor="Katz, Jonathan", title="Divisible E-Cash Made Practical", bookTitle="Public-Key Cryptography -- PKC 2015: 18th IACR International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 -- April 1, 2015, Proceedings", year="2015", publisher="Springer Berlin Heidelberg", address="Berlin, Heidelberg", pages="77--100", abstract="Divisible E-cash systems allow users to withdraw a unique coin of value {\$}{\$}2^n{\$}{\$} from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions. The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem.", isbn="978-3-662-46447-2", doi="10.1007/978-3-662-46447-2_4", url="https://doi.org/10.1007/978-3-662-46447-2_4" } @Inbook{camenisch2005, author="Camenisch, Jan and Hohenberger, Susan and Lysyanskaya, Anna", editor="Cramer, Ronald", title="Compact E-Cash", bookTitle="Advances in Cryptology -- EUROCRYPT 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005. Proceedings", year="2005", publisher="Springer Berlin Heidelberg", address="Berlin, Heidelberg", pages="302--321", abstract="This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing 2ℓ coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the y-DDHI assumptions, where the complexity of the withdrawal and spend operations is {\$}{\{}{\backslash}mathcal O{\}}({\backslash}ell + k){\$} and the user's wallet can be stored using {\$}{\{}{\backslash}mathcal O{\}}({\backslash}ell + k){\$} bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be {\$}{\{}{\backslash}mathcal O{\}}(2^{\{}{\backslash}rm {\backslash}ell{\}}{\backslash}cdot k){\$} . In fact, compared to previous e-cash schemes, our whole wallet of 2ℓ coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the 2ℓ coins in her wallet, all her spendings of these coins can be traced. However, the price for this is that the complexity of the spending and of the withdrawal protocols becomes {\$}{\{}{\backslash}mathcal O{\}}({\backslash}ell {\backslash}cdot k){\$} and {\$}{\{}{\backslash}mathcal O{\}}({\backslash}ell {\backslash}cdot k+k^{\{}2{\}}){\$} bits, respectively, and wallets take {\$}{\{}{\backslash}mathcal O{\}}({\backslash}ell {\backslash}cdot k){\$} bits of storage. All our schemes are secure in the random oracle model.", isbn="978-3-540-32055-5", doi="10.1007/11426639_18", url="https://doi.org/10.1007/11426639_18" } @misc{maertens2015, author = {Patrick Märtens}, title = {Practical Compact E-Cash with Arbitrary Wallet Size}, howpublished = {Cryptology ePrint Archive, Report 2015/086}, year = {2015}, note = {\url{http://eprint.iacr.org/2015/086}}, } @Inbook{canard2015scalable, author="Canard, S{\'e}bastien and Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques", editor="Malkin, Tal and Kolesnikov, Vladimir and Lewko, Allison Bishop and Polychronakis, Michalis", title="Scalable Divisible E-cash", bookTitle="Applied Cryptography and Network Security: 13th International Conference, ACNS 2015, New York, NY, USA, June 2-5, 2015, Revised Selected Papers", year="2015", publisher="Springer International Publishing", address="Cham", pages="287--306", abstract="Divisible E-cash has been introduced twenty years ago but no construction is both fully secure in the standard model and efficiently scalable. In this paper, we fill this gap by providing an anonymous divisible E-cash construction with constant-time withdrawal and spending protocols. Moreover, the deposit protocol is constant-time for the merchant, whatever the spent value is. It just has to compute and store {\$}{\$}2^l{\$}{\$} serial numbers when a value {\$}{\$}2^l{\$}{\$} is deposited, compared to {\$}{\$}2^n{\$}{\$} serial numbers whatever the spent amount (where {\$}{\$}2^n{\$}{\$} is the global value of the coin) in the recent state-of-the-art paper. This makes a very huge difference when coins are spent in several times.", isbn="978-3-319-28166-7", doi="10.1007/978-3-319-28166-7_14", url="https://doi.org/10.1007/978-3-319-28166-7_14" } @Inbook{okamoto1995efficient, author="Okamoto, Tatsuaki", editor="Coppersmith, Don", title="An Efficient Divisible Electronic Cash Scheme", bookTitle="Advances in Cryptology --- CRYPT0' 95: 15th Annual International Cryptology Conference Santa Barbara, California, USA, August 27--31, 1995 Proceedings", year="1995", publisher="Springer Berlin Heidelberg", address="Berlin, Heidelberg", pages="438--451", abstract="Recently, several ``divisible'' untraceable off-line electronic cash schemes have been presented [8, 11, 19, 20]. This paper presents the first practical ``divisible'' untraceable1 off-line cash scheme that is ``single-term''2 in which every procedure can be executed in the order of log N, where N is the precision of divisibility, i.e., N = (the total coin value)/(minimum divisible unit value). Therefore, our ``divisible'' off-line cash scheme is more efficient and practical than the previous schemes. For example, when N = 217 (e.g., the total value is about {\$} 1000, and the minimum divisible unit is 1 cent), our scheme requires only about 1 Kbyte of data be transfered from a customer to a shop for one payment and about 20 modular exponentiations for one payment, while all previous divisible cash schemes require more than several Kbytes of transfered data and more than 200 modular exponentiations for one payment.", isbn="978-3-540-44750-4", doi="10.1007/3-540-44750-4_35", url="https://doi.org/10.1007/3-540-44750-4_35" } @techreport{brands1993efficient, author = {Brands, Stefan A.}, title = {An Efficient Off-line Electronic Cash System Based On The Representation Problem.}, year = {1993}, source = {http://www.ncstrl.org:8900/ncstrl/servlet/search?formname=detail\&id=oai%3Ancstrlh%3Aercim_cwi%3Aercim.cwi%2F%2FCS-R9323}, publisher = {CWI (Centre for Mathematics and Computer Science)}, address = {Amsterdam, The Netherlands, The Netherlands}, } @inproceedings{tracz2001, author = {Tracz, Robert and Wrona, Konrad}, title = {Fair Electronic Cash Withdrawal and Change Return for Wireless Networks}, booktitle = {Proceedings of the 1st International Workshop on Mobile Commerce}, series = {WMC '01}, year = {2001}, isbn = {1-58113-376-6}, location = {Rome, Italy}, pages = {14--19}, numpages = {6}, url = {http://doi.acm.org/10.1145/381461.381464}, doi = {10.1145/381461.381464}, acmid = {381464}, publisher = {ACM}, address = {New York, NY, USA}, keywords = {electronic commerce, payment systems, wireless applications}, } @inproceedings{schoenmakers1997security, author = {Schoenmakers, Berry}, title = {Security Aspects of the Ecash\&\#153; Payment System}, booktitle = {State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures}, year = {1998}, isbn = {3-540-65474-7}, location = {Leuven, Belgium}, pages = {338--352}, numpages = {15}, url = {http://dl.acm.org/citation.cfm?id=647443.726912}, acmid = {726912}, publisher = {Springer-Verlag}, address = {London, UK, UK}, }