Compact E-Cash and Simulatable VRFs Revisited
نویسندگان
چکیده
Efficient non-interactive zero-knowledge proofs are a powerful tool for solving many cryptographic problems. We apply the recent Groth-Sahai (GS) proof system for pairing product equations (Eurocrypt 2008) to two related cryptographic problems: compact e-cash (Eurocrypt 2005) and simulatable verifiable random functions (CRYPTO 2007). We present the first efficient compact e-cash scheme that does not rely on a random oracle. To this end we construct efficient GS proofs for signature possession, pseudo randomness and set membership. The GS proofs for pseudorandom functions give rise to a much cleaner and substantially faster construction of simulatable verifiable random functions (sVRF) under a weaker number theoretic assumption. We obtain the first efficient fully simulatable sVRF with a polynomial sized output domain (in the security parameter).
منابع مشابه
Simulatable VRFs with Applications to Multi-theorem NIZK
This paper introduces simulatable verifiable random functions (sVRF). VRFs are similar to pseudorandom functions, except that they are also verifiable: corresponding to each seed SK, there is a public key PK, and for y = FPK(x), it is possible to prove that y is indeed the value of the function seeded by SK. A simulatable VRF is a VRF for which this proof can be simulated, so a simulator can pr...
متن کاملPractical Compact E-Cash with Arbitrary Wallet Size
Compact e-cash schemes allow users to withdraw a wallet containing K coins and to spend each coin unlinkably. We present the first compact e-cash scheme with arbitrary wallet size k ≤ K while the spending protocol is of constant time and space complexity. Known compact e-cash schemes are constructed from either verifiable random functions or bounded accumulators. We use both building blocks to ...
متن کاملPractical Compact E-Cash
Compact e-cash schemes allow a user to withdraw a wallet containing k coins in a single operation, each of which the user can spend unlinkably. One big open problem for compact e-cash is to allow multiple denominations of coins to be spent efficiently without executing the spend protocol a number of times. In this paper, we give a (partial) solution to this open problem by introducing two addit...
متن کاملMore Compact E-Cash with Efficient Coin Tracing
In 1982, Chaum [21] pioneered the anonymous e-cash which finds many applications in e-commerce. In 1993, Brands [8–10] and Ferguson [30, 31] published on single-term offline anonymous ecash which were the first practical e-cash. Their constructions used blind signatures and were inefficient to implement multi-spendable e-cash. In 1995, Camenisch, Hohenberger, and Lysyanskaya [12] gave the first...
متن کاملProperties of e cash pdf
Here we. There are scenarios however, where basic e-cash properties are not sufficient. Here we.Electronic cash. It can be traded for goods or.Electronic cash e-cash instruments allow digital payment for goods and ser. properties of e cash pdf There are scenarios however, where basic e-cash properties are not problemas de escritura pdf sufficient.Dec 27, 1997. Electronic coins possess similar p...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2009 شماره
صفحات -
تاریخ انتشار 2009