Short e-cash

Man Ho Allen Au, Sherman S.M. Chow, Willy Susilo

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

19 Citations (Scopus)


We present a bandwidth-efficient off-line anonymous e-cash scheme with traceable coins. Once a user double-spends, his identity can be revealed and all his coins in the system can be traced, without resorting to TTP. For a security level comparable with 1024-bit standard RSA signature, the payment transcript size is only 512 bytes. Security of the proposed scheme is proven under the q-strong Diffie-Hellman assumption and the decisional linear assumption, in the random oracle model. The transcript size of our scheme can be further reduced to 192 bytes if external Diffie-Hellman assumption is made. Finally, we propose a variant such that there exists a TTP with the power to revoke the identity of a payee and trace all coins from the same user, which may be desirable when a malicious user is identified by some non-cryptographic means.
Original languageEnglish
Title of host publicationProgress in Cryptology - INDOCRYPT 2005 - 6th International Conference on Cryptology in India, Proceedings
Number of pages15
Publication statusPublished - 1 Dec 2005
Externally publishedYes
Event6th International Conference on Cryptology in India, INDOCRYPT 2005 - Bangalore, India
Duration: 10 Dec 200512 Dec 2005

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3797 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference6th International Conference on Cryptology in India, INDOCRYPT 2005


  • Bilinear Pairing
  • Coin-traceability
  • E-cash

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Short e-cash'. Together they form a unique fingerprint.

Cite this