Compact e-cash schemes allow a user to withdraw a wallet containing k coins in a single operation, each of which the user can spend unlinkably. One big open problem for compact e-cash is to allow multiple denominations of coins to be spent efficiently without executing the spend protocol a number of times. In this paper, we give a (partial) solution to this open problem by introducing two additional protocols, namely, compact spending and batch spending. Compact spending allows spending all the k coins in one operation while batch spending allows spending any number of coins in the wallet in a single execution. We modify the security model of compact e-cash to accommodate these added protocols and present a generic construction. While the spending and compact spending protocol are of constant time and space complexities, complexities of batch spending is linear in the number of coins to be spent together. Thus, we regard our solution to the open problem as partial. We provide two instantiations under the q-SDH assumption and the LRSW assumption respectively and present security arguments for both instantiations in the random oracle model.
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||12th Australasian Conference on Information Security and Privacy, ACISP2007|
|Period||2/07/07 → 4/07/07|
- Bilinear pairings
- Theoretical Computer Science
- Computer Science(all)