# Yiannis Tsiounis's research while affiliated with Northeastern University and other places

**What is this page?**

This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.

If you're a ResearchGate member, you can follow this page to keep up with this author's work.

If you are this author, and you don't want us to display this page anymore, please let us know.

## Publications (24)

We present group encryption, a new cryptographic primitive which is the encryption analogue of a group signature. It possesses similar verifiability, security and privacy properties, but whereas a group signature is useful whenever we need to conceal the source (signer) within a group of legitimate users, a group encryption is useful whenever we ne...

Cryptography has been instrumental in reducing the involvement of over-head third parties in protocols. For example; a digital signature scheme assures a recipient that a judge who is not present at message transmission will nevertheless approve the validity of the signature. Similarly, in off-line electronic cash the bank (which is off-line during...

The IEEE 802.11 Wireless Local Area Network (WLAN) specifications have been the subject of increased attention due to their rapid commercial adaptation and the introduction of new security and privacy concerns. The IEEE 802.1x standard was introduced in order to overcome the initial security shortcomings of the Wired Equivalent Privacy (WEP) protoc...

Currently, the Internet and the World Wide Web on-line business has boomed, with tra#c, advertising and content growing at sustained exponential rates. However, the full potential of on-line commerce has not been possible to realize due to the lack of convenient and secure electronic payment methods (e.g., for buying e-goods and paying with e-money...

One of the key directions in complexity theory which has also filtered through to cryptographic research, is the e#ort to classify related but seemingly distinct notions. Separation or reduction arguments are the basic means for this classification.

This work presents a new privacy primitive called “Traceable Signatures”, together with an efficient provably secure implementation. To this end, we develop the underlying mathematical and protocol tools, present the concepts and the underlying security model, and then realize the scheme and its security proof. Traceable signatures support an exten...

The legal framework provided by the Electronic Signature Act, enacted to law as of October 1, 2000, has fueled the interest
for digital signature-based payment transactions over the Internet. The bulk of formalization and security analysis to date
on such secure payments has focused on creating new secure channels for existing credit or debit card...

We introduce the k-payment problem: given a total budget of N units, the problem is to represent this budget as a set of coins, so that any k exact payments of total value at most N can be made using k disjoint subsets of the coins. The goal is to minimize the number of coins for any given N and k, while allowing the actual payments to be made on-l...

Currently, the Internet and the World Wide Web on-line business is booming, with traffic, advertising and content growing at sustained exponential rates. However, the full potential of on-line commerce has not been possible to realize due to the lack of convenient and secure electronic payment methods (e.g., for buying e-goods and paying with e-mon...

. In Crypto '93, S. Brands presented a very efficient off-line electronic cash scheme based on the representation problem in groups of prime order. In Crypto '95 a very efficient off-line divisible e-cash scheme based on factoring Williams integers was presented by T. Okamoto. We demonstrate one efficient attack on Okamoto's scheme and two on Brand...

. Electronic cash, and other cryptographic payment systems, offer some level of user anonymity during a purchase, in order to emulate electronically the properties of physical cash exchange. However, it has been noted that there are crime-prevention situations where anonymity of notes is undesirable; in addition there may be regulatory and legal co...

One of the key directions in complexity theory which has also filtered through to cryptographic research, is the effort to classify related but seemingly distinct notions. Separation or reduction arguments are the basic means for this classification.
Continuing this direction we identify a class of problems, called “matching problems,” which are re...

Anonymous off-line electronic cash (e-cash) systems provide transactions that retain the anonymity of the payer, similar to physical cash exchanges, without requiring the issuing bank to be on-line at payment. Fair off-line e-cash extend this capability to allow a qualified third party (a “trustee”) to revoke this anonymity under a warrant or other...

Recently, there has been an interest in creating practical anonymous electronic cash with the ability to conduct payments of exact amounts, as is typically the practice in physical payment systems. The most general solution for such payments is to allow electronic coins to be divisible (e.g., each coin can be spent incrementally but total purchases...

Any system which contains some form of cryptographic authentication, confidentiality and/or identification requires the provisioning of a secure key generation and distribution capability. The key distribution mechanism for wireless cellular systems, such as IS-95 CDMA, IS-136 TDMA and IS-91 Analog, has recently been investigated by the Telephone I...

The ElGamal encryption scheme has been proposed several years ago and is one of the few probabilistic encryption schemes. However, its security has never been concretely proven based on clearly understood and accepted primitives. Here we show directly that the decision Diffie-Hellman assumption implies the security of the original ElGamal encryptio...

We consider the k-payment problem: given a total budget of N
units, the problem is to represent this budget as a set of coins, so
that any k exact payments of total value at most N can be made using k
disjoint subsets of the coins. The goal is to minimize the number of
coins for any given N and k, while allowing the actual payments to be
made on-li...

Electronic cash, and other cryptographic payment systems, offer a level of user anonymity during a purchase, in order to emulate electronically the properties of physical cash exchange. However, it has been noted that there are crime-prevention situations where anonymity of notes is undesirable; in addition there may be regulatory and legal constra...

In Crypto '93, S. Brands presented a very efficient off-line electronic cash scheme based on the representation problem in groups of prime order. In Crypto '95 a very efficient off-line divisible e-cash scheme based on factoring Williams integers was presented by T. Okamoto. We demonstrate one efficient attack on Okamoto's scheme and two on Brands'...

Cryptography has been instrumental in reducing the involvement of over-head third parties in protocols. For example; a digital signature scheme assures a recipient that a judge who is not present at message transmission will nevertheless approve the validity of the signature. Similarly, in off-line electronic cash the bank (which is off-line during...

Currently, the Internet and the World Wide Web on-line business is booming, with trac, advertising and content growing at sustained exponential rates. However, the full potential of on-line com- merce has not been possible to realize due to the lack of convenient and secure electronic payment methods (e.g., for buying e-goods and paying with e-mone...

## Citations

... Brand introduced a restrictive blind signature scheme where a client provides zero-knowledge proof along with his identity in the resulting blind signature [6,7]. The scheme is inadequate to prevent double spending of e-coin if a malicious user can construct a forged identity and can spend the e-coin multiple times [8]. Fujisaki and Okamoto introduced a partially blind signature to overcome the downsides of carrying public and private keys where bank needs to maintain a huge database of every client [9,10]. ...

... It is related to certain well-known problems [16] such as postagestamp problem, knapsack problem, and change-making problem. The closest one is the k-payment problem [17], which was motivated by electronic cash model, where exact representation of each payment by the corresponding set of coins is required. Our problem, in contrast, is motivated by optical switching, where the hardware cost depends on the size of switching matrix, while the switched wavebands (coins) may or may not be completely occupied by wavelengths (units) unlike the k-payment problem. ...

... Nevertheless, some alternative e-cash systems were proposed that managed to avoid the growth of the e-cash data (D'Amiano and Di Crescenzo, 1994;Okamoto, 1995). However, as mentioned in Chan et al. (1998), Tsiounis (1997), those e-schemes had other issues such as the limit of the total size of payments or lack of efficiency of e-cash protocols. In Fuchsbauer (2009) an attempt was made to construct a transferable e-cash scheme without the aforementioned data growth problem. ...

... We note that revocable anonymity is a concept which has been considered at great length in other fields, such as digital cash [27,28,31,10,17]. In digital cash, it is particularly important that it should be possible to link an electronic coin to the person who spent it once the transaction has occurred (for example, that coin may have been spent twice, or spent illegally). ...

... En la década de los noventa, toma impulso el movimiento Cypherpunk, inspirado en los principios de la anarquía digital y un conocimiento de matemáticas avanzadas, alentando el uso de sistemas criptográficos que permitieran salvaguardar la información personal y la privacidad en los pagos (Cavaller Riva y Ortega Yubro, 2021). Por estos años, nacieron proyectos como B-Money (Brands, 1994) y Bit Gold (Frankel et al., 1996) con la intención de eliminar a los intermediarios en los procesos de negociación. Cabe destacar la iniciativa de David Chaum que en 1990 lanza DigiCash y, posteriormente, eCash, que permitía realizar pagos con dinero electrónico a través de computadoras empleando solamente un software. ...

... The idea of determining whether a committed integer falls within a given range was first proposed in [19] and further expanded in [13,15]. The CFT Proof [16] achieves the goal of demonstrating that a secret value is within a given range. However, the CFT proof has a very high expansion rate. ...

... After double spending, the bank would be able to clear the structure in a polynomial time. Although Brands' scheme suffers from some weaknesses in misrepresenting the identity of the customer [17], some solutions have been proposed to prevent these weaknesses [10] [17]. Afterward, some schemes have been presented, which use a similar method to Bands' restrictive blind signature, to detect the identity of a double spender [18] [19] [20]. ...

... This technology prevented centralized institutions that provide signatures from linking users to their transactions. A series of other digital currency payment technologies like J. Wu et al. universal electronic cash (Okamoto and Ohta, 1991), untraceable offline cash (Brands, 1993), fair blind signatures (Stadler et al., 1995), fair off-line e-cash (Frankel et al., 1996) later emerged in the 1990s. However, a common problem existed in these technologies is that-trusted third parties are needed to detect double spending attacks. ...

... Nevertheless, in 1998, Frankel, Tsiounis and Yung in [26] pointed out that to date, there have been no efficient systems that could offer provable security. They proposed a fair off-line e-cash system, where the trusted third party could revoke the anonymity under a warrant or in the case of specified suspicious activity. ...

... Our scheme adopts credit-based charging, i.e. the system charges each mobile user after it has finished a sequence of services for the user, just as the practical situation in the real world. It is different from the others which provided approaches of debit-based charging, i.e. each mobile user has to purchase payment token(s) before she/he starts accessing the services provided by the system [6,12]. What are the differences between charging mobile users in advance and charging them after the services? ...