2006 | OriginalPaper | Chapter
Balancing Accountability and Privacy Using E-Cash (Extended Abstract)
Authors : Jan Camenisch, Susan Hohenberger, Anna Lysyanskaya
Published in: Security and Cryptography for Networks
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
In an electronic cash (e-cash) system, a user can withdraw coins from the bank, and then spend each coin anonymously and unlinkably. For some applications, it is desirable to set a limit on the dollar amounts of anonymous transactions. For example, governments require that large transactions be reported for tax purposes. In this work, we present the first e-cash system that makes this possible without a trusted party. In our system, a user’s anonymity is guaranteed so long as she does not: (1) double-spend a coin, or (2) exceed the publicly-known spending limit with any merchant. The spending limit may vary with the merchant. Violation of either condition can be detected, and can (optionally) lead to identification of the user and discovery of her other activities. While it is possible to balance accountability and privacy this way using e-cash, this is impossible to do using regular cash.
Our scheme is based on our recent compact e-cash system. It is secure under the same complexity assumptions in the random-oracle model. We inherit its efficiency: 2
ℓ
coins can be stored in
O
(ℓ+
k
) bits and the complexity of the withdrawal and spend protocols is
O
(ℓ+
k
), where
k
is the security parameter.