Abstract
Electronic cash is an electronic form of currency, which allows the cash transactions over communication networks under privacy protections. However, it still has some aspects that have not been well studied. Known constructions suffer from at least one of the following limitations: (1) relying on a random oracle, (2) not supporting multiple bank setting and users dynamically joining or (3) prohibitively expensive. In this paper, we propose a new electronic cash system that avoids all these limitations. In other words, our system is anonymous against chosen-ciphertext attack (CCA) in the standard model, and supports multiple banks enrolling and users dynamically joining, which is achieved by the utilization of non-interactive zero-knowledge proof and dynamic group signature. Finally, in the standard model, a formal security proof is given to claim that our system has CCA anonymity, unforgeability, traceability and no double-spending. Compared with the existing systems, ours has advantages of both the efficiency and security.
Acknowledgements
The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported in part by the National Science and Technology Major Project under Grant No. 2013ZX03002006, the National Natural Science Foundation under Grant No. 61300196, Liaoning Province Science and Technology Projects under Grant No. 2013217004 and the Fundamental Research Funds for the Central Universities under Grant No. N130317002.