Off-line ‘anonymous’

Off-line ‘anonymous’ electronic money

In the use of off-line electronic money, the merchant does not need to interact with the bank before accepting a coin from the user. Instead he can collect multiple coins Spent by users and Deposit them later with the bank. In principle this could be done off-line, i.e. the merchant could go to the bank with his storage media to exchange e-cash for cash.

Nevertheless the merchant is guaranteed that the user’s e-coin will either be accepted by the bank, or the bank will be able to identify and punish the cheating user. In this way a user is prevented from spending the same coin twice (double-spending). Off-line e-cash schemes also need to protect against cheating merchants, i.e. merchants that want to deposit a coin twice (and then blame the user).

Using cryptography, anonymous ecash was introduced by David Chaum. He used blind signatures to achieve unlinkability between withdrawal and spend transactions. In ryptography, e-cash usually refers to anonymous e-cash. Depending on the properties of the payment transactions, one distinguishes between on-line and off-line e-cash. The first off-line e-cash system was proposed by Chaum and Naor. Like the first on-line scheme, it is based on RSA blind signatures.