Abstract
For real-world applications digital coin systems, i.e., off-line payment systems offering not only the unforgeability of conventional coins but also the anonymity of customers making purchases, need to have some additional features. One of these additional features is the hardware protection of the system, provided by dedicated tamper-resistant devices called observers which are used to physically prevent illegitimate copying of coins. Another essential feature for practical applications is anonymity-revocation mechanisms. Basically, digital coin systems guarantee perfect anonymity, i.e., the bank cannot link views of the withdrawal and payments in order to determine whether or not a customer spent her money at a certain shop. The customer’s privacy protection is the main difference between coin systems and those based on credit card or cheque based systems. While privacy protection is a desirable property of cash systems, perfect anonymity is not. Perfect anonymity makes possible perfect blackmailing or money laundering. To prevent such “perfect crime” it must be possible to revoke the anonymity of customers in case of need. Anonymity revocation is done by a trusted third party. Cash systems that allow anonymity revocation are called fair. We present a coin system featuring both observer and fairness, showing that both concepts do not interfere with each other and can be implemented simultaneously without loss of security. We prove this claim not only by presenting a fair variant of the Brands’ coin system but additionally by outlining a generic framework for fair wallets in which essentially any blind signature scheme can be used. Unlike other fair off-line coin systems, fairness is implemented with the help of the observer, thereby reducing the computational effort during the withdrawal.
Highlights
Electronic Commerce is one of the most important applications for the Internet and mobile devices
In contrast to credit card payments and micropayments for digital coins we have an additional requirement - the anonymity of the payment token, i.e. the bank is not able to link a purchase to a certain customer
We present a framework for fair wallets with observer, where basically any blind signature scheme can be used as a underlying building block
Summary
Electronic Commerce is one of the most important applications for the Internet and mobile devices. A way to prevent the customer physically from copying his coins is to store essential parts of them in a tamper-resistant device called an observer. An example for this kind of tamper-resistant device needed for a payment system is a conventional smart card chip. A digital coin system is called perfectly anonymous if the bank’s views of withdrawal and of payment are independent (in a stochastic sense) In practice this implies that the bank can by no means trace a customer or her coins, and is unable to determine which customer performed any given payment.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
