Divisible E-Cash from Constrained Pseudo-Random Functions

Florian Bourse 1 David Pointcheval 2, 3 Olivier Sanders 1
2 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique de l'École normale supérieure, CNRS - Centre National de la Recherche Scientifique : UMR 8548, Inria de Paris
Abstract : Electronic cash (e-cash) is the digital analogue of regular cash which aims at preserving users’ privacy. Following Chaum’s seminal work, several new features were proposed for e-cash to address the practical issues of the original primitive. Among them, divisibility has proved very useful to enable efficient storage and spendings. Unfortunately, it is also very difficult to achieve and, to date, quite a few constructions exist, all of them relying on complex mechanisms that can only be instantiated in one specific setting. In addition security models are incomplete and proofs sometimes hand-wavy. In this work, we first provide a complete security model for divisible e-cash, and we study the links with constrained pseudo-random functions (PRFs), a primitive recently formalized by Boneh and Waters. We exhibit two frameworks of divisible e-cash systems from constrained PRFs achieving some specific properties: either key homomorphism or delegability. We then formally prove these frameworks, and address two main issues in previous constructions: two essential security notions were either not considered at all or not fully proven. Indeed, we introduce the notion of clearing, which should guarantee that only the recipient of a transaction should be able to do the deposit, and we show the exculpability, that should prevent an honest user to be falsely accused, was wrong in most proofs of the previous constructions. Some can easily be repaired, but this is not the case for most complex settings such as constructions in the standard model. Consequently, we provide the first construction secure in the standard model, as a direct instantiation of our framework.
Conference papers
Contributor : David Pointcheval
Submitted on : Thursday, November 5, 2020 - 4:48:53 PM
Last modification on : Thursday, July 1, 2021 - 5:58:08 PM
Long-term archiving on : Saturday, February 6, 2021 - 7:53:25 PM


Files produced by the author(s)




Florian Bourse, David Pointcheval, Olivier Sanders. Divisible E-Cash from Constrained Pseudo-Random Functions. ASIACRYPT 2019 - 25th Annual International Conference on the Theory and Application of Cryptology and Information Security, Dec 2019, Kobe, Japan. ⟨10.1007/978-3-030-34578-5_24⟩. ⟨hal-02357173⟩



