[145187] in cryptography@c2.net mail archive
Re: Question regarding common modulus on elliptic curve cryptosystems
daemon@ATHENA.MIT.EDU (James A. Donald)
Thu Mar 25 08:48:52 2010
Date: Thu, 25 Mar 2010 08:37:05 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: Sergio Lerner <sergiolerner@pentatek.com>
CC: Jonathan Katz <jkatz@cs.umd.edu>, cryptography@metzdowd.com
In-Reply-To: <4BA7881C.8090704@pentatek.com>
On 2010-03-23 1:09 AM, Sergio Lerner wrote:
> I've read some papers, not that much. But I don't mind reinventing the
> wheel, as long as the new protocol is simpler to explain.
> Reading the literature, I couldn't find a e-cash protocol which :
>
> - Hides the destination / source of payments.
> - Hides the amount of money transferred.
> - Hides the account balance of each person from the bank.
> - Allows off-line payments.
> - Avoids giving the same "bill" to two different people by design.
> This means that the protocol does not need to detect the use of cloned
> "bills".
> - Gives each person a cryptographic proof of owning the money they
> have in case of dispute.
>
> I someone points me out a protocol that manages to fulfill this
> requirements, I'd be delighted.
> I think I can do it with a commutative signing primitive, and a
> special zero-proof of knowledge.
Gap Diffie Helman gives you a commutative signing primitive, and a
zero-proof of knowledge.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
