
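% Endorsed e-cash (IEEE S&P 2007); the keywords tie it to fair exchange and onion routing.
% Page range, ISSN and title hyphen restored (dropped in extraction); month uses the BibTeX macro.
@inproceedings{camenisch2007endorsed,
  author    = {Camenisch, Jan and Lysyanskaya, Anna and Meyerovich, Mira},
  title     = {Endorsed {E-Cash}},
  booktitle = {2007 {IEEE} Symposium on Security and Privacy ({SP} '07)},
  year      = {2007},
  month     = may,
  pages     = {101--115},
  doi       = {10.1109/SP.2007.15},
  issn      = {1081-6011},
  keywords  = {electronic money;protocols;ecash;electronic cash scheme;fair exchange protocol;lightweight endorsement;onion routing;Authentication;Cryptographic protocols;Cryptography;Digital signatures;Explosions;Information security;Merchandise;Privacy;Routing},
}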
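% Blind signatures for untraceable payments; the abstract frames the tension between
% payer privacy and criminal use of payment systems.
% Typed as @inproceedings so that standard styles print booktitle; hyphens restored in pages/ISBN/DOI.
@inproceedings{chaum1983blind,
  author    = {Chaum, David},
  editor    = {Chaum, David and Rivest, Ronald L. and Sherman, Alan T.},
  title     = {Blind Signatures for Untraceable Payments},
  booktitle = {Advances in Cryptology: Proceedings of {Crypto} 82},
  year      = {1983},
  publisher = {Springer US},
  address   = {Boston, MA},
  pages     = {199--203},
  abstract  = {Automation of the way we pay for goods and services is already underway, as can be seen by the variety and growth of electronic banking services available to consumers. The ultimate structure of the new electronic payments system may have a substantial impact on personal privacy as well as on the nature and extent of criminal use of payments. Ideally a new payments system should address both of these seemingly conflicting sets of concerns.},
  isbn      = {978-1-4757-0602-4},
  doi       = {10.1007/978-1-4757-0602-4_18},
  url       = {https://doi.org/10.1007/978-1-4757-0602-4_18},
}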
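% Untraceable electronic cash; the abstract motivates it by card fraud exposure and
% the cardholder's lack of protection against surveillance.
% Typed as @inproceedings; dash and hyphens restored in booktitle/pages/ISBN/DOI.
@inproceedings{chaum1990untraceable,
  author    = {Chaum, David and Fiat, Amos and Naor, Moni},
  editor    = {Goldwasser, Shafi},
  title     = {Untraceable Electronic Cash},
  booktitle = {Advances in Cryptology -- {CRYPTO}' 88: Proceedings},
  year      = {1990},
  publisher = {Springer New York},
  address   = {New York, NY},
  pages     = {319--327},
  abstract  = {The use of credit cards today is an act of faith on the part of all concerned. Each party is vulnerable to fraud by the others, and the cardholder in particular has no protection against surveillance.},
  isbn      = {978-0-387-34799-8},
  doi       = {10.1007/0-387-34799-2_25},
  url       = {https://doi.org/10.1007/0-387-34799-2_25},
}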
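% Divisible e-cash with constant-complexity spending; per the abstract, earlier constructions
% tie each coin to a binary tree and so have at least logarithmic spending cost.
% Typed as @inproceedings; hyphens, dashes and the abstract's math restored.
@inproceedings{pointcheval2017,
  author    = {Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques},
  editor    = {Fehr, Serge},
  title     = {Cut Down the Tree to Achieve Constant Complexity in Divisible {E-cash}},
  booktitle = {Public-Key Cryptography -- {PKC} 2017: 20th {IACR} International Conference on Practice and Theory in Public-Key Cryptography, Amsterdam, The Netherlands, March 28--31, 2017, Proceedings, Part I},
  year      = {2017},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {61--90},
  abstract  = {Divisible e-cash, proposed in 1991 by Okamoto and Ohta, addresses a practical concern of electronic money, the problem of paying the exact amount. Users of such systems can indeed withdraw coins of a large value N and then divide it into many pieces of any desired values $V \le N$. Such a primitive therefore allows to avoid the use of several denominations or change issues. Since its introduction, many constructions have been proposed but all of them make use of the same framework: they associate each coin with a binary tree, which implies, at least, a logarithmic complexity for the spendings.},
  isbn      = {978-3-662-54365-8},
  doi       = {10.1007/978-3-662-54365-8_4},
  url       = {https://doi.org/10.1007/978-3-662-54365-8_4},
}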
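% Divisible e-cash in the standard model; the abstract states the goals as user anonymity
% plus detection of double-spending and tracing of defrauders by the bank.
% Typed as @inproceedings; hyphens, dashes and the abstract's math restored.
@inproceedings{canard2015divisible,
  author    = {Canard, S{\'e}bastien and Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques},
  editor    = {Katz, Jonathan},
  title     = {Divisible {E-Cash} Made Practical},
  booktitle = {Public-Key Cryptography -- {PKC} 2015: 18th {IACR} International Conference on Practice and Theory in Public-Key Cryptography, Gaithersburg, MD, USA, March 30 -- April 1, 2015, Proceedings},
  year      = {2015},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {77--100},
  abstract  = {Divisible E-cash systems allow users to withdraw a unique coin of value $2^n$ from a bank, but then to spend it in several times to distinct merchants. In such a system, whereas users want anonymity of their transactions, the bank wants to prevent, or at least detect, double-spending, and trace the defrauders. While this primitive was introduced two decades ago, quite a few (really) anonymous constructions have been introduced. In addition, all but one were just proven secure in the random oracle model, but still with either weak security models or quite complex settings and thus costly constructions. The unique proposal, secure in the standard model, appeared recently and is unpractical. As evidence, the authors left the construction of an efficient scheme secure in this model as an open problem.},
  isbn      = {978-3-662-46447-2},
  doi       = {10.1007/978-3-662-46447-2_4},
  url       = {https://doi.org/10.1007/978-3-662-46447-2_4},
}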
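% Compact e-cash: a wallet of 2^l unlinkably spendable coins; per the abstract, security rests
% on strong RSA and y-DDHI in the random oracle model, with exculpability and optional tracing
% of a double-spender's coins without a trusted third party.
% Typed as @inproceedings; hyphens, dashes and the abstract's garbled math restored.
@inproceedings{camenisch2005,
  author    = {Camenisch, Jan and Hohenberger, Susan and Lysyanskaya, Anna},
  editor    = {Cramer, Ronald},
  title     = {Compact {E-Cash}},
  booktitle = {Advances in Cryptology -- {EUROCRYPT} 2005: 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22--26, 2005. Proceedings},
  year      = {2005},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {302--321},
  abstract  = {This paper presents efficient off-line anonymous e-cash schemes where a user can withdraw a wallet containing $2^{\ell}$ coins each of which she can spend unlinkably. Our first result is a scheme, secure under the strong RSA and the $y$-DDHI assumptions, where the complexity of the withdrawal and spend operations is $\mathcal{O}(\ell + k)$ and the user's wallet can be stored using $\mathcal{O}(\ell + k)$ bits, where k is a security parameter. The best previously known schemes require at least one of these complexities to be $\mathcal{O}(2^{\ell} \cdot k)$. In fact, compared to previous e-cash schemes, our whole wallet of $2^{\ell}$ coins has about the same size as one coin in these schemes. Our scheme also offers exculpability of users, that is, the bank can prove to third parties that a user has double-spent. We then extend our scheme to our second result, the first e-cash scheme that provides traceable coins without a trusted third party. That is, once a user has double spent one of the $2^{\ell}$ coins in her wallet, all her spendings of these coins can be traced. However, the price for this is that the complexity of the spending and of the withdrawal protocols becomes $\mathcal{O}(\ell \cdot k)$ and $\mathcal{O}(\ell \cdot k + k^{2})$ bits, respectively, and wallets take $\mathcal{O}(\ell \cdot k)$ bits of storage. All our schemes are secure in the random oracle model.},
  isbn      = {978-3-540-32055-5},
  doi       = {10.1007/11426639_18},
  url       = {https://doi.org/10.1007/11426639_18},
}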
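% IACR ePrint report (not a proceedings paper); cited via howpublished plus the ePrint URL.
% Author is in "Last, First" form with a LaTeX-escaped umlaut, matching the {\'e} escapes used elsewhere.
@misc{maertens2015,
  author       = {M{\"a}rtens, Patrick},
  title        = {Practical Compact {E-Cash} with Arbitrary Wallet Size},
  howpublished = {Cryptology ePrint Archive, Report 2015/086},
  year         = {2015},
  note         = {\url{http://eprint.iacr.org/2015/086}},
}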
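% Anonymous divisible e-cash in the standard model with constant-time withdrawal and spending;
% per the abstract, a deposit of value 2^l needs only 2^l serial numbers computed and stored.
% Typed as @inproceedings; hyphens, dashes and the abstract's math restored.
@inproceedings{canard2015scalable,
  author    = {Canard, S{\'e}bastien and Pointcheval, David and Sanders, Olivier and Traor{\'e}, Jacques},
  editor    = {Malkin, Tal and Kolesnikov, Vladimir and Lewko, Allison Bishop and Polychronakis, Michalis},
  title     = {Scalable Divisible {E-cash}},
  booktitle = {Applied Cryptography and Network Security: 13th International Conference, {ACNS} 2015, New York, NY, USA, June 2--5, 2015, Revised Selected Papers},
  year      = {2015},
  publisher = {Springer International Publishing},
  address   = {Cham},
  pages     = {287--306},
  abstract  = {Divisible E-cash has been introduced twenty years ago but no construction is both fully secure in the standard model and efficiently scalable. In this paper, we fill this gap by providing an anonymous divisible E-cash construction with constant-time withdrawal and spending protocols. Moreover, the deposit protocol is constant-time for the merchant, whatever the spent value is. It just has to compute and store $2^l$ serial numbers when a value $2^l$ is deposited, compared to $2^n$ serial numbers whatever the spent amount (where $2^n$ is the global value of the coin) in the recent state-of-the-art paper. This makes a very huge difference when coins are spent in several times.},
  isbn      = {978-3-319-28166-7},
  doi       = {10.1007/978-3-319-28166-7_14},
  url       = {https://doi.org/10.1007/978-3-319-28166-7_14},
}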
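% Divisible untraceable off-line cash with every procedure in O(log N), where N is the
% precision of divisibility (per the abstract).
% Typed as @inproceedings; "CRYPT0" (digit zero) corrected to CRYPTO; hyphens, dashes and the
% lost exponent in "N = 2^17" restored; stray footnote markers dropped from the abstract.
@inproceedings{okamoto1995efficient,
  author    = {Okamoto, Tatsuaki},
  editor    = {Coppersmith, Don},
  title     = {An Efficient Divisible Electronic Cash Scheme},
  booktitle = {Advances in Cryptology -- {CRYPTO}' 95: 15th Annual International Cryptology Conference Santa Barbara, California, USA, August 27--31, 1995 Proceedings},
  year      = {1995},
  publisher = {Springer Berlin Heidelberg},
  address   = {Berlin, Heidelberg},
  pages     = {438--451},
  abstract  = {Recently, several ``divisible'' untraceable off-line electronic cash schemes have been presented [8, 11, 19, 20]. This paper presents the first practical ``divisible'' untraceable off-line cash scheme that is ``single-term'' in which every procedure can be executed in the order of log N, where N is the precision of divisibility, i.e., N = (the total coin value)/(minimum divisible unit value). Therefore, our ``divisible'' off-line cash scheme is more efficient and practical than the previous schemes. For example, when $N = 2^{17}$ (e.g., the total value is about \$1000, and the minimum divisible unit is 1 cent), our scheme requires only about 1 Kbyte of data be transfered from a customer to a shop for one payment and about 20 modular exponentiations for one payment, while all previous divisible cash schemes require more than several Kbytes of transfered data and more than 200 modular exponentiations for one payment.},
  isbn      = {978-3-540-44750-4},
  doi       = {10.1007/3-540-44750-4_35},
  url       = {https://doi.org/10.1007/3-540-44750-4_35},
}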
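% CWI technical report on off-line e-cash built on the representation problem.
% @techreport requires institution (publisher is ignored by standard styles), so CWI moves there;
% the report number is the one embedded in the source URL, with its hyphen restored.
% The source field is kept verbatim; standard styles ignore it.
@techreport{brands1993efficient,
  author      = {Brands, Stefan A.},
  title       = {An Efficient Off-line Electronic Cash System Based On The Representation Problem},
  institution = {CWI (Centre for Mathematics and Computer Science)},
  number      = {CS-R9323},
  address     = {Amsterdam, The Netherlands},
  year        = {1993},
  source      = {http://www.ncstrl.org:8900/ncstrl/servlet/search?formname=detail\&id=oai%3Ancstrlh%3Aercim_cwi%3Aercim.cwi%2F%2FCSR9323},
}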
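% Fair e-cash withdrawal and change return for wireless payment settings (ACM WMC '01).
% Page range restored to 14--19, consistent with numpages = 6.
@inproceedings{tracz2001,
  author    = {Tracz, Robert and Wrona, Konrad},
  title     = {Fair Electronic Cash Withdrawal and Change Return for Wireless Networks},
  booktitle = {Proceedings of the 1st International Workshop on Mobile Commerce},
  series    = {WMC '01},
  year      = {2001},
  isbn      = {1-58113-376-6},
  location  = {Rome, Italy},
  pages     = {14--19},
  numpages  = {6},
  url       = {http://doi.acm.org/10.1145/381461.381464},
  doi       = {10.1145/381461.381464},
  acmid     = {381464},
  publisher = {ACM},
  address   = {New York, NY, USA},
  keywords  = {electronic commerce, payment systems, wireless applications},
}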
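% Security analysis of the Ecash payment system (the key says 1997, the record gives 1998).
% The HTML entity for the trademark sign is replaced by its LaTeX macro; page range restored to
% 338--352, consistent with numpages = 15; duplicated country removed from the address.
@inproceedings{schoenmakers1997security,
  author    = {Schoenmakers, Berry},
  title     = {Security Aspects of the {Ecash}{\texttrademark} Payment System},
  booktitle = {State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography -- Revised Lectures},
  year      = {1998},
  isbn      = {3-540-65474-7},
  location  = {Leuven, Belgium},
  pages     = {338--352},
  numpages  = {15},
  url       = {http://dl.acm.org/citation.cfm?id=647443.726912},
  acmid     = {726912},
  publisher = {Springer-Verlag},
  address   = {London, UK},
}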
