Retrofitting Fairness on the Original RSA-Based E-cash

The notion of fair e-cash schemes was suggested and implemented in the last decade. It balances anonymity with the capability of tracing users and transactions in cases of crime or misbehavior. The issue was raised both, in the banking community and in the cryptographic literature. A number of systems were designed with an off-line fairness, where the tracing authorities get involved only when tracing is needed. However, none of them is based on the original RSA e-cash. Thus, an obvious question is whether it is possible to construct an efficient fair e-cash scheme by retrofitting the fairness mechanism on the original RSA-based scheme. The question is interesting from, both, a practical perspective (since investment has been put in developing software and hardware that implement the original scheme), and as a pure research issue (since retrofitting existing protocols with new mechanisms is, at times, harder than designing solutions from scratch). In this paper, we answer this question in the affirmative by presenting an efficient fair off-line e-cash scheme based on the original RSA-based one.