Compact and Divisible E-Cash with Threshold Issuance

Authors: Alfredo Rial (Nym Technologies), Ania M. Piotrowska (Nym Technologies)

Volume: 2023
Issue: 4
Pages: 381–415
DOI: https://doi.org/10.56553/popets-2023-0116

Abstract: Decentralized, offline, and privacy-preserving e-cash could fulfil the need for both scalable and Byzantine fault-resistant payment systems. Existing offline anonymous e-cash schemes are unsuitable for distributed environments due to a central bank. We construct a distributed offline anonymous e-cash scheme, in which the role of the bank is performed by a quorum of authorities, and present its two instantiations. Our first scheme is compact, i.e. the cost of the issuance protocol and the size of a wallet are independent of the number of coins issued, but the cost of payment grows linearly with the number of coins spent. Our second scheme is divisible and thus the cost of payments is also independent of the number of coins spent, but the verification of deposits is more costly. We provide formal security proofs of both schemes and compare the efficiency of their implementations.

Keywords: offline anonymous e-cash, threshold issuance, bilinear maps

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.