Financial Cryptography

We present an e-cash scheme which provides a trade-off between anonymity and efficiency, by amortizing the cost of zero-knowledge and signature computation in the cash generation phase. Our work solves an open problem of Okamoto in divisible e-cash. Namely, we achieve results similar to those of Okamoto, but (1) based on traditional complexity assumptions (rather than ad hoc ones), and (2) within a much crisper definitional framework that highlights the anonymity properties, and (3) in a simple fashion.

[1]  Adi Shamir SecureClick: A Web Payment System with Disposable Credit Card Numbers , 2001, Financial Cryptography.

[2]  Arie Segev,et al.  Auctions on the Internet: A Field Study , 1998 .

[3]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[4]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[5]  Hiroaki Kikuchi,et al.  Multi-round Anonymous Auction Protocols , 1999 .

[6]  Matthew K. Franklin,et al.  The design and implementation of a secure auction service , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[7]  Jacques Stern,et al.  Security Analysis of a Practical "on the fly" Authentication and Signature Generation , 1998, EUROCRYPT.

[8]  Moti Yung,et al.  Cryptographic Computation: Secure Faut-Tolerant Protocols and the Public-Key Model , 1987, CRYPTO.

[9]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[10]  Oded Goldreich,et al.  How to Solve any Protocol Problem - An Efficiency Improvement , 1987, CRYPTO.

[11]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[12]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[13]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[14]  Ronald Cramer,et al.  Signature schemes based on the strong RSA assumption , 2000, TSEC.

[15]  Jacques Stern,et al.  Provably Secure Blind Signature Schemes , 1996, ASIACRYPT.

[16]  Paul F. Syverson,et al.  Weakly secret bit commitment: applications to lotteries and fair exchange , 1998, Proceedings. 11th IEEE Computer Security Foundations Workshop (Cat. No.98TB100238).

[17]  Jacques Stern,et al.  On the Length of Cryptographic Hash-Values Used in Identification Schemes , 1994, CRYPTO.

[18]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[19]  Matthias Schunter,et al.  Optimistic fair exchange , 2000 .

[20]  David Naccache,et al.  On blind signatures and perfect crimes , 1992, Comput. Secur..

[21]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[22]  A. Yao How to generate and exchange secrets , 1986, 27th Annual Symposium on Foundations of Computer Science (sfcs 1986).

[23]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[24]  Fritz Hohl An Approach to Solve the Problem of Malicious Hosts , 1998 .

[25]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[26]  Tom Coffey,et al.  Non-repudiation with mandatory proof of receipt , 1996, CCRV.

[27]  Dieter Gollmann,et al.  An efficient non-repudiation protocol , 1997, Proceedings 10th Computer Security Foundations Workshop.

[28]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[29]  Kazue Sako,et al.  An Auction Protocol Which Hides Bids of Losers , 2000, Public Key Cryptography.

[30]  David M'Raïhi,et al.  Computational Alternatives to Random Number Generators , 1998, Selected Areas in Cryptography.

[31]  Matthew Franklin,et al.  Complexity and security of distributed protocols , 1994 .

[32]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[33]  David Chaum,et al.  Designated Confirmer Signatures , 1994, EUROCRYPT.

[34]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[35]  Markus Jakobsson,et al.  Revokable and versatile electronic money (extended abstract) , 1996, CCS '96.

[36]  Frank Stajano,et al.  The Cocaine Auction Protocol: On the Power of Anonymous Broadcast , 1999, Information Hiding.

[37]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[38]  Jacques Stern,et al.  A New Public-Key Cryptosystem , 1997, EUROCRYPT.

[39]  Tatsuaki Okamoto,et al.  A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.

[40]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[41]  Moti Yung,et al.  Non-interactive cryptocomputing for NC/sup 1/ , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[42]  Philip D. MacKenzie,et al.  Anonymous Investing: Hiding the Identities of Stockholders , 1999, Financial Cryptography.

[43]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[44]  Mihir Bellare,et al.  Practice-Oriented Provable Security , 1998, Lectures on Data Security.

[45]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[46]  Colin Boyd,et al.  Off-Line Fair Payment Protocols Using Convertible Signatures , 1998, ASIACRYPT.

[47]  Kouichi Sakurai,et al.  A bulletin-board based digital auction scheme with bidding down strategy-towards anonymous electroni , 1999 .

[48]  Donald Byron Johnson,et al.  Formal Security Proofs for a Signature Scheme with Partial Message Recovery , 2001, CT-RSA.

[49]  Manuel Bronstein,et al.  Fast deterministic computation of determinants of dense matrices , 1999, ISSAC '99.

[50]  Liqun Chen,et al.  Efficient Fair Exchange with Verifiable Confirmation of Signatures , 1998, ASIACRYPT.

[51]  Gilles Villard,et al.  On computing the determinant and Smith form of an integer matrix , 2000, Proceedings 41st Annual Symposium on Foundations of Computer Science.

[52]  Hung-Min Sun,et al.  On the Security of Some Variants of the RSA Signature Scheme , 1998, ESORICS.

[53]  Tom Tedrick,et al.  How to Exchange Half a Bit , 1983, CRYPTO.

[54]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[55]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[56]  Giovanni Di Crescenzo,et al.  On monotone formula closure of SZK , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[57]  Rafail Ostrovsky,et al.  Security of blind digital signatures , 1997 .

[58]  Paul R. Milgrom,et al.  Auctions and Bidding: A Primer , 1989 .

[59]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[60]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[61]  Moni Naor,et al.  Privacy preserving auctions and mechanism design , 1999, EC '99.

[62]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[63]  Tom Tedrick,et al.  Fair Exchange of Secrets , 1984, CRYPTO.

[64]  Scott A. Vanstone,et al.  Postal Revenue Collection in the Digital Age , 2000, Financial Cryptography.

[65]  Birgit Pfitzmann,et al.  Collision-Free Accumulators and Fail-Stop Signature Schemes Without Trees , 1997, EUROCRYPT.

[66]  Giovanni Vigna,et al.  Protecting Mobile Agents through Tracing , 1997 .

[67]  Manoj Kumar,et al.  Internet Auctions , 1998, USENIX Workshop on Electronic Commerce.

[68]  Fabian Monrose,et al.  Distributed Execution with Remote Audit , 1999, NDSS.

[69]  Philippe Golle,et al.  Uncheatable Distributed Computations , 2001, CT-RSA.

[70]  Rebecca N. Wright,et al.  Off-Line Generation of Limited-Use Credit Card Numbers , 2001, Financial Cryptography.

[71]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[72]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[73]  Yongfei Han Investigation of non-repudiation protocols , 1996, ACISP.

[74]  Jean-Jacques Quisquater,et al.  A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory , 1988, EUROCRYPT.

[75]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[76]  Markus Jakobsson,et al.  Addition of ElGamal Plaintexts , 2000, ASIACRYPT.

[77]  J. Doug Tygar,et al.  Electronic Auctions with Private Bids , 1998, USENIX Workshop on Electronic Commerce.

[78]  Silvio Micali,et al.  Strong signature schemes , 1983, STOC '83.

[79]  Paul F. Syverson,et al.  Fair On-Line Auctions without Special Trusted Parties , 1999, Financial Cryptography.

[80]  Shai Halevi,et al.  Secure Hash-and-Sign Signatures Without the Random Oracle , 1999, EUROCRYPT.

[81]  Y. Watanabe Optimistic Sealed-Bid Auction Protocol , 2000 .

[82]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.

[83]  Duncan S. Wong,et al.  Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices , 2001, ASIACRYPT.

[84]  David Pointcheval,et al.  New Public Key Cryptosystems Based on the Dependent-RSA Problems , 1999, EUROCRYPT.

[85]  Michael P. Wellman,et al.  Flexible double auctions for electronic commerce: theory and implementation , 1998, Decis. Support Syst..

[86]  Makoto Yokoo,et al.  A Limitation of the Generalized Vickrey Auction in Electronic Commerce: Robustness against False-name Bids , 1999, AAAI/IAAI.

[87]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[88]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[89]  David Pointcheval,et al.  Strengthened Security for Blind Signatures , 1998, EUROCRYPT.

[90]  Christian Cachin,et al.  Efficient private bidding and auctions with an oblivious third party , 1999, CCS '99.

[91]  R. A. Rueppel,et al.  Message recovery for signature schemes based on the discrete logarithm problem , 1996 .

[92]  Moni Naor,et al.  Efficient oblivious transfer protocols , 2001, SODA '01.

[93]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[94]  Dan Boneh,et al.  TWENTY YEARS OF ATTACKS ON THE RSA CRYPTOSYSTEM , 1999 .

[95]  Birgit Pfitzmann,et al.  Optimal efficiency of optimistic contract signing , 1998, PODC '98.

[96]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[97]  Van Renesse,et al.  Optical document security , 1994 .

[98]  David Pointcheval,et al.  The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes , 2001, Public Key Cryptography.

[99]  Amos Fiat,et al.  Zero-knowledge proofs of identity , 1988, Journal of Cryptology.

[100]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[101]  Robbert van Renesse,et al.  Cryptographic support for fault-tolerant distributed computing , 1996, EW 7.

[102]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[103]  D. Shanks Class number, a theory of factorization, and genera , 1971 .

[104]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[105]  Christoph G. Günther An Identity-Based Key-Exchange Protocol , 1989, EUROCRYPT.

[106]  David M'Raïhi,et al.  Batch exponentiation: a fast DLP-based signature generation strategy , 1996, CCS '96.