Efficient E-cash with Attributes on MULTOS Smartcards

Ever since its invention in the 1980s, e-cash has been considered a promising solution for privacy-preserving electronic payments. However, the computational capabilities, required for the processing of e-cash protocols, are demanding. Only recent works show the feasibility of implementing e-cash on constrained platforms. A particularly challenging, while at the same time extremely attractive platform, are smartcards. Smartcards are, next to magnetic stripe cards, the dominant platform used to execute electronic payments, and they enjoy wide user acceptance. In this paper we present an implementation of two e-cash schemes on MULTOS smartcards. We base the schemes on elliptic curve cryptography, which is supported by the API of the platform of choice. Our results are promising: When relying on a 160-bit elliptic curve, spending a coin, which encodes two attributes that are not revealed, can be executed in less than 800 ms with both considered schemes.