Trust-minimizing BDHKE-based e-cash mint using secure hardware and distributed computation [TRUSTBus 2024]

@inproceedings{trustbus-2024-dufka,
author = {Dufka, Antonin and Janku, Jakub and Svenda, Petr},
title = {Trust-minimizing BDHKE-based e-cash mint using secure hardware and distributed computation},
year = {2024},
isbn = {9798400717185},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/3664476.3670889},
doi = {10.1145/3664476.3670889},
booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
articleno = {190},
numpages = {10},
keywords = {e-cash, multi-party computation, smartcards, trust-minimization},
location = {Vienna, Austria},
series = {ARES '24}
}

Abstract

The electronic cash (or e-cash) technology based on the foundational work of Chaum [7] is emerging as a scalability and privacy layer atop of expensive and traceable blockchain-based currencies. Unlike trustless blockchains, e-cash designs inherently rely on a trusted party with full control over the currency supply. Since this trusted component cannot be eliminated from the system, we aim to minimize the trust it requires.

We approach this goal from two angles. Firstly, we employ misuse-resistant hardware to mitigate the risk of compromise via physical access to the trusted device. Secondly, we divide the trusted device’s capabilities among multiple independent devices, in a way that ensures unforgeability of its currency as long as at least a single device remains uncompromised. Finally, we combine both these approaches to leverage their complementary benefits.

In particular, we surveyed blind protocols used in e-cash designs with the goal of identifying those suitable for misuse-resistant, yet resource-constrained devices. Based on the survey, we focused on the BDHKE-based construction suitable for the implementation on devices with limited resources. Next, we proposed a new multi-party protocol for distributing the operations needed in BDHKE-based e-cash and analyzed its security. Finally, we implemented the protocol for the JavaCard platform and demonstrated the practicality of the approach by measuring its performance on a physical smartcard.