Formal Analysis of E-Cash Protocols

Jannik Dreier, Ali Kassem, Pascal Lafourcade


Electronic cash (e-cash) aims at achieving client privacy at payment, similar to real cash. Several security protocols have been proposed to ensure privacy in e-cash, as well as the necessary unforgery properties. In this paper, we propose a formal framework to define, analyze, and verify security properties of e-cash systems. To this end, we model e-cash systems in the applied p-calculus, and we define two client privacy properties and three properties to prevent forgery. Finally, we apply our definitions to an e-cash protocol from the literature proposed by Chaum et al., which has two variants and a real implementation based on it. Using ProVerif, we demonstrate that our framework is suitable for an automated analysis of this protocol.


  1. Sattar J. Aboud and Ammar Agoun. Analysis of a known offline e-coin system. International Journal of Computer Applications, 2014.
  2. Masayuki Abe and Eiichiro Fujisaki. How to date blind signatures. In Advances in Cryptology - ASIACRYPT 7896, Korea, November 3-7, 1996, Proceedings, volume 1163, pages 244-251. Springer, 1996.
  3. Martín Abadi and Cédric Fournet. Mobile values, new names, and secure communication. In The 28th Symposium on Principles of Programming Languages, ACM, UK, 2001.
  4. M. Backes, C. Hritcu, and M. Maffei. Automated verification of remote electronic voting protocols in the applied pi-calculus. In CSF, 2008.
  5. Bruno Blanchet. An efficient cryptographic protocol verifier based on prolog rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14), Canada, 2001.
  6. Stefan Brands. Untraceable off-line cash in wallets with observers (extended abstract). In Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 7893, pages 302- 318, London, UK, UK, 1994. Springer-Verlag.
  7. David Chaum, Amos Fiat, and Moni Naor. Untraceable electronic cash. In Advances in Cryptology: Proceedings of CRYPTO 7888, pages 319-327. Springer New York, 1990.
  8. Sébastien Canard and Aline Gouget. Anonymity in transferable e-cash. In Applied Cryptography and Network Security, ACNS, USA, pages 207-223, 2008.
  9. Sébastien Canard, Aline Gouget, and Jacques Traoré. Improvement of efficiency in (unconditional) anonymous transferable e-cash. In Financial Cryptography and Data Security, 12th International Conference, FC, Mexico. Springer, 2008.
  10. David Chaum. Blind signatures for untraceable payments. In Advances in Cryptology: Proceedings of CRYPTO 7882. Springer US, 1983.
  11. Giovanni Di Crescenzo. A non-interactive electronic cash system. In Algorithms and Complexity, Second Italian Conference, Italy, volume 778 of Lecture Notes in Computer Science, pages 109-124. Springer, 1994.
  12. Chang Yu Cheng, Jasmy Yunus, and Kamaruzzaman Seman. Estimations on the security aspect of brand's electronic cash scheme. In 19th International Conference on Advanced Information Networking and Applications AINA, Taiwan, 2005.
  13. I. B. Damga°rd. Payment systems and credential mechanisms with provable security against abuse by individuals. In Proceedings on Advances in Cryptology, pages 328-335. Springer-Verlag, 1990.
  14. Stefano D'Amiano and Giovanni Di Crescenzo. Methodology for digital money based on general cryptographic tools. In Advances in Cryptology - EUROCRYPT 7894, Workshop on the Theory and Application of Cryptographic Techniques, Italy. Springer, 1994.
  15. Jannik Dreier, Rosario Giustolisi, Ali Kassem, Pascal Lafourcade, Gabriele Lenzini, and Peter Y. A. Ryan. Formal analysis of electronic exams. In SECRYPT, Austria, 2014, pages 101-112, 2014.
  16. S. Delaune, S. Kremer, and M.D. Ryan. Verifying privacytype properties of electronic voting protocols. Journal of Computer Security, 17(4):435-487, jul 2009.
  17. J. Dreier, P. Lafourcade, and Y. Lakhnech. A formal taxonomy of privacy in voting protocols. In ICC, pages 6710-6715, 2012.
  18. Jannik Dreier, Pascal Lafourcade, and Yassine Lakhnech. Formal verification of e-auction protocols. In Principles of Security and Trust, POST, pages 247-266. Springer, 2013.
  19. D. Dolev and Andrew C. Yao. On the security of public key protocols. Information Theory, IEEE Transactions on, 29(2):198-208, 1983.
  20. Niels Ferguson. Single term off-line coins. In Advances in Cryptology, Lecture Notes in Computer Science - EUROCRYPT 7893, volume 765, pages 318-328. Springer-Verlag, 1994.
  21. Chun-I Fan, Vincent Shi-Ming Huang, and Yao-Chun Yu. User efficient recoverable off-line e-cash scheme with fast anonymity revoking. Mathematical and Computer Modelling, 2013.
  22. Sangjin Kim and Heekuck Oh. Making electronic refunds reusable, 2001.
  23. Ralf Küsters and Tomasz Truderung. Reducing protocol analysis with xor to the xor-free case in the horn theory based approach. Journal of Automated Reasoning, 2011.
  24. Zhengqin Luo, Xiaojuan Cai, Jun Pang, and Yuxin Deng. Analyzing an electronic cash protocol using applied pi calculus. In Applied Cryptography and Network Security, 5th International Conference, ACNS, China, 2007.
  25. Tatsuaki Okamoto and Kazuo Ohta. Disposable zeroknowledge authentications and their applications to untraceable electronic cash. In Proceedings on Advances in Cryptology, CRYPTO 7889, pages 481-496. Springer-Verlag New York, Inc., 1989.
  26. Marek R. Ogiela and Piotr Sulkowski. Improved cryptographic protocol for digital coin exchange. In Soft Computing and Intelligent Systems (SCIS), pages 1148-1151, 2014.
  27. Birgit Pfitzmann, Matthias Schunter, and Michael Waidner. How to break another provably secure payment system. In EUROCRYPT 7895, International Conference on the Theory and Application of Cryptographic Techniques, France, pages 121-132, 1995.
  28. Birgit Pfitzmann and Michael Waidner. How to break and repair A ”provably secure” untraceable payment system. In CRYPTO 7891, 11th Annual International Cryptology Conference, USA, pages 338-350, 1991.
  29. Berry Schoenmakers. Basic security of the ecash payment system. In In Applied Cryptography, Course on Computer Security and Industrial Cryptography, pages 201-231. Springer-Verlag, LNCS, 1997.
  30. Aye Thandar Swe and Khin Khat Khat Kyaw. Formal analysis of secure e-cash transaction protocol. In International Conference on Advances in Engineering and Technology, Singapore, 2014.

Paper Citation

in Harvard Style

Dreier J., Kassem A. and Lafourcade P. (2015). Formal Analysis of E-Cash Protocols . In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 65-75. DOI: 10.5220/0005544500650075

in Bibtex Style

author={Jannik Dreier and Ali Kassem and Pascal Lafourcade},
title={Formal Analysis of E-Cash Protocols},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},

in EndNote Style

JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Formal Analysis of E-Cash Protocols
SN - 978-989-758-117-5
AU - Dreier J.
AU - Kassem A.
AU - Lafourcade P.
PY - 2015
SP - 65
EP - 75
DO - 10.5220/0005544500650075