On the design of efficient RSA-based off-line electronic cash schemes

Electronic cash is arguably one of the most important applications of modem cryptology. There have been two types of electronic cash schemes namely on-line and off-line. In general off-line schemes are more efficient than on-line ones. The two fundamental issues with any off-line electronic cash scheme have been the detection of double spending and provision of anonymity. These issues make the design of secure off-line electronic cash schemes not an easy task. Cut-and-choose technology was one of the first techniques that was introduced to address the issue of double spending in an off-line scheme. However, this technique is not very efficient. Subsequently, other techniques had been proposed to achieve both double spending and client anonymity without using the cut and choose method. These include the works of Brands based on the discrete logarithm and that of Ferguson based on RSA and polynomial secret sharing scheme. In this paper, we propose an improved version of off-line electronic cash scheme based on the Ferguson's protocol. This scheme improves the efficiency by making some of the parameters used in the protocol to be reusable and removes the risk of framing by the bank by hiding the client's identity. (C) 1999 Elsevier Science B.V. All rights reserved.