Abstract
Anonymous E-Cash was first introduced in 1982 as a digital, privacy-preserving alternative to physical cash. A lot of research has since been devoted to extending and improving its properties, leading to the appearance of multiple schemes. Despite this progress, the practical feasibility of E-Cash systems is still an open question. Payment tokens are typically portable hardware devices in smart card form, resource constrained due to their size, and therefore not suited to support highly complex protocols such as E-Cash. Migrating to more powerful mobile platforms, for instance smartphones, seems a natural alternative. However, this implies moving computations from trusted and dedicated execution environments to generic multiapplication platforms, which may result in security vulnerabilities. In this work, we propose a new anonymous E-Cash system to overcome this limitation. Motivated by existing payment schemes based on MTM (Mobile Trusted Module) architectures, we consider at design time a model in which user payment tokens are composed of two modules: an untrusted but powerful execution platform (e.g., smartphone) and a trusted but constrained platform (e.g., secure element). We show how the protocol’s computational complexity can be relaxed by a secure split of computations: nonsensitive operations are delegated to the powerful platform, while sensitive computations are kept in a secure environment. We provide a full construction of our proposed Anonymous Split E-Cash scheme and show that it fully complies with the main properties of an ideal E-Cash system. Finally, we test its performance by implementing it on an Android smartphone equipped with a Java-Card-compatible secure element.
Anonymous Split E-Cash—Toward Mobile Anonymous Payments