Risk Management for E-Cash Systems with Partial Real-Time Audit

We analyze “coin-wallet” and “balance-wallet” under partial real-time audit, and compute upper bounds on theft due to the fact that not all the transactions are audited in real time, assuming that every- thing else is perfect. In particular, we assume that the audit regime holds for innocent players. Let v be the maximum allowed balance in a wallet, 0 ≤ μ ≤ 1 be the fraction of transactions that are audited in real time in an audit round that includes overall n transactions. Assume one unit transactions. We show that for μ << 1 the upper bound on expected theft for coin-wallet is $$ \frac{\upsilon } {{e^{\mu ^2 \upsilon } - 1}} $$ (which if v << μ−2 becomes $$ (e^{\mu ^2 } - 1)^{ - 1} $$), while for plausible parameter choice the bound for a balance-wallet is O(exp(v2/n)). This last bound can become huge in some cases, implying that partial audit, while suitable for coin-wallets with low denomination coins, may be too risky for balance-wallet. Some implications to the design of anonymous and non-anonymous systems are discussed.