{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,8]],"date-time":"2025-10-08T15:31:20Z","timestamp":1759937480474,"version":"3.41.0"},"reference-count":38,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2015,9,9]],"date-time":"2015-09-09T00:00:00Z","timestamp":1441756800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"FWO","award":["G.00130.13N and G.0876.14N"],"award-info":[{"award-number":["G.00130.13N and G.0876.14N"]}]},{"DOI":"10.13039\/501100011878","name":"Flemish Government","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100011878","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Research Council KU Leuven: GOA TENSE","award":["GOA\/11\/007"],"award-info":[{"award-number":["GOA\/11\/007"]}]},{"name":"COSIC group of Departement Elektrotechniek"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Embed. Comput. Syst."],"published-print":{"date-parts":[[2015,12,8]]},"abstract":"<jats:p>Anonymous E-Cash was first introduced in 1982 as a digital, privacy-preserving alternative to physical cash. A lot of research has since then been devoted to extend and improve its properties, leading to the appearance of multiple schemes. Despite this progress, the practical feasibility of E-Cash systems is still today an open question. Payment tokens are typically portable hardware devices in smart card form, resource constrained due to their size, and therefore not suited to support largely complex protocols such as E-Cash. Migrating to more powerful mobile platforms, for instance, smartphones, seems a natural alternative. However, this implies moving computations from trusted and dedicated execution environments to generic multiapplication platforms, which may result in security vulnerabilities. In this work, we propose a new anonymous E-Cash system to overcome this limitation. Motivated by existing payment schemes based on MTM (Mobile Trusted Module) architectures, we consider at design time a model in which user payment tokens are composed of two modules: an untrusted but powerful execution platform (e.g., smartphone) and a trusted but constrained platform (e.g., secure element). We show how the protocol\u2019s computational complexity can be relaxed by a secure split of computations: nonsensitive operations are delegated to the powerful platform, while sensitive computations are kept in a secure environment. We provide a full construction of our proposed Anonymous Split E-Cash scheme and show that it fully complies with the main properties of an ideal E-Cash system. Finally, we test its performance by implementing it on an Android smartphone equipped with a Java-Card-compatible secure element.<\/jats:p>","DOI":"10.1145\/2783439","type":"journal-article","created":{"date-parts":[[2015,9,15]],"date-time":"2015-09-15T12:09:15Z","timestamp":1442318955000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Anonymous Split E-Cash\u2014Toward Mobile Anonymous Payments"],"prefix":"10.1145","volume":"14","author":[{"given":"Marijn","family":"Scheir","sequence":"first","affiliation":[{"name":"KU Leuven ESAT\/COSIC and iMinds, KU Leuven, Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6066-8710","authenticated-orcid":false,"given":"Josep","family":"Balasch","sequence":"additional","affiliation":[{"name":"KU Leuven ESAT\/COSIC and iMinds, KU Leuven, Belgium"}]},{"given":"Alfredo","family":"Rial","sequence":"additional","affiliation":[{"name":"IBM Research Z\u00fcrich"}]},{"given":"Bart","family":"Preneel","sequence":"additional","affiliation":[{"name":"KU Leuven ESAT\/COSIC and iMinds, KU Leuven, Belgium"}]},{"given":"Ingrid","family":"Verbauwhede","sequence":"additional","affiliation":[{"name":"KU Leuven ESAT\/COSIC and iMinds, KU Leuven, Belgium"}]}],"member":"320","published-online":{"date-parts":[[2015,9,9]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Federal Information Processing Standards Publication 197. 2001. Specification for the Advanced Encryption Standard (AES). Retrieved from http:\/\/csrc.nist.gov\/publications\/fips\/fips197\/fips-197.pdf."},{"key":"e_1_2_1_2_1","unstructured":"Josep Balasch. 2008. Smart Card Implementation of Anonymous Credentials. Master\u2019s thesis. Katholieke Universiteit Leuven (KU Leuven)."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-12510-2_15"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653734"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/188105.188172"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/517876"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030103"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586114"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/11426639_18"},{"volume-title":"Computer Security (ESORICS\u201914)","author":"Camenisch Jan","key":"e_1_2_1_10_1","unstructured":"Jan Camenisch, Anja Lehmann, Gregory Neven, and Alfredo Rial. 2014. Privacy-preserving auditing for attribute-based credentials. In Computer Security (ESORICS\u201914). Springer, 109--127."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.5555\/647086.715698"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.15"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-72540-4_28"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.5555\/1788857.1788870"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-85230-8_19"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-0602-4_18"},{"key":"e_1_2_1_17_1","unstructured":"Chipknip. 2014. An offline smartcard payment system. Retrieved from http:\/\/www.chipknip.nl."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 2007 International Conference on Security and Management (SAM\u201907)","author":"Clemente-Cuervo Efr\u00e9n","year":"2007","unstructured":"Efr\u00e9n Clemente-Cuervo, Francisco Rodr\u00edguez-Henr\u00edquez, Daniel Ortiz Arroyo, and Levent Ertaul. 2007. A PDA implementation of an off-line E-Cash protocol. In Proceedings of the 2007 International Conference on Security and Management (SAM\u201907), Selim Aissi and Hamid R. Arabnia (Eds.). CSREA Press, 452--458."},{"key":"e_1_2_1_19_1","unstructured":"Common Criteria. 2014. Homepage. Retreived from: http:\/\/www.commoncriteriaportal.org."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","unstructured":"Ivan Damg\u00e5rd and Eiichiro Fujisaki. 2002. A statistically-hiding integer commitment scheme based on groups with hidden order. In ASIACRYPT. 125--142.","DOI":"10.5555\/647098.717135"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-32298-3_5"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","unstructured":"Yevgeniy Dodis and Aleksandr Yampolskiy. 2005. A verifiable random function with short proofs and keys. In Public Key Cryptography. 416--431. 10.1007\/978-3-540-30580-4_28","DOI":"10.1007\/978-3-540-30580-4_28"},{"key":"e_1_2_1_23_1","unstructured":"EMVCo. 2014. The EMV standards body. Retrieved from http:\/\/www.emvco.com."},{"key":"e_1_2_1_24_1","unstructured":"Geldkarte. 2014. An offline smartcard payment system. Retrieved from http:\/\/www.geldkarte.de."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-36140-1_8"},{"key":"e_1_2_1_26_1","volume-title":"Burleson","author":"Hinterw\u00e4lder Gesine","year":"2013","unstructured":"Gesine Hinterw\u00e4lder, Christian T. Zenger, Foteini Baldimtsi, Anna Lysyanskaya, Christof Paar, and Wayne P. Burleson. 2013b. Efficient E-Cash in practice: NFC-based payments for public transportation systems. In Privacy Enhancing Technologies (PETS\u201913) (Lecture Notes in Computer Science), Emiliano De Cristofaro and Matthew Wright (Eds.), Vol. 7981. Springer, 40--59."},{"key":"e_1_2_1_27_1","volume-title":"Moo: A Batteryless Computational RFID and Sensing Platform. Technical Report","author":"Ransford Benjamin","year":"2011","unstructured":"Benjamin Ransford, Kevin Fu, Hong Zhang, Jeremy Gummeson. 2011. Moo: A Batteryless Computational RFID and Sensing Platform. Technical Report. University of Massachusetts Computer Science."},{"key":"e_1_2_1_28_1","volume-title":"Smart card standard: Cards with contacts. Electrical interface and transmission protocols. (last updated","author":"ISO","year":"2006","unstructured":"ISO 7816-3. 2006. Smart card standard: Cards with contacts. Electrical interface and transmission protocols. (last updated: 2006)."},{"key":"e_1_2_1_29_1","volume-title":"Smart card standard: Organization, security and commands for interchange. (last updated","author":"ISO","year":"2005","unstructured":"ISO 7816-4. 2005. Smart card standard: Organization, security and commands for interchange. (last updated: 2005)."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.5555\/646764.703989"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/548089"},{"volume-title":"Security and Privacy in Communication Networks (SecureComm\u201911) (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering)","author":"Mostowski Wojciech","key":"e_1_2_1_32_1","unstructured":"Wojciech Mostowski and Pim Vullers. 2011. Efficient U-prove implementation for anonymous credentials on smart cards. In Security and Privacy in Communication Networks (SecureComm\u201911) (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering), Muttukrishnan Rajarajan, Fred Piper, Haining Wang, and George Kesidis (Eds.), Vol. 96. Springer, 243--260."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/646760.706004"},{"key":"e_1_2_1_34_1","unstructured":"PROTON. 2014. An offline smartcard payment system. Retrieved from http:\/\/mypaymentsolution.be\/index\/en_US\/5118014\/5126207\/Proton.htm."},{"key":"e_1_2_1_35_1","unstructured":"SEEK. 2014. Secure Element Evaluation Kit for the Android platform. Retrieved from http:\/\/code.google.com\/p\/seek-for-android."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS.2009.5386474"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.5555\/647097.717009"},{"key":"e_1_2_1_38_1","unstructured":"Visa payWave. 2014. Mobile payments. Retrieved from https:\/\/developer.visa.com\/paywavemobile."}],"container-title":["ACM Transactions on Embedded Computing Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2783439","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2783439","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:07:14Z","timestamp":1750223234000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2783439"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,9,9]]},"references-count":38,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,12,8]]}},"alternative-id":["10.1145\/2783439"],"URL":"https:\/\/doi.org\/10.1145\/2783439","relation":{},"ISSN":["1539-9087","1558-3465"],"issn-type":[{"type":"print","value":"1539-9087"},{"type":"electronic","value":"1558-3465"}],"subject":[],"published":{"date-parts":[[2015,9,9]]},"assertion":[{"value":"2014-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-05-01","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2015-09-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}