实用的强不可分割多重息票方案

当前，多重息票方案设计中的主要困难是如何设计能自由设置兑换次数上界的息票发布协议且所得协议的复杂性并不依赖于这个上界，以及如何为兑换协议提供高效、灵活的兑换机制.为此，提出两个具备改进的效率与功能的方案.新方案分别利用Chaabouni等人的离散对数区间证明技术和Canard等人的关于被承诺元素的知识证明技术实现了对息票兑换次数上界的灵活设置，并且利用Peng等人的批量零知识证明与验证技术对兑换协议的运算复杂度进行了优化.新方案在Nguyen的形式化模型下满足可证安全，而且首次实现了实际应用中的全部理想特性，即并发发布、紧凑存储、批量兑换以及支持设置息票对象和过期日期.性能分析表明，新方案的通信与运算耗费显著低于已有的两个满足强不可分割性质的方案.

Practical Multi-Coupon Schemes with Strong Unsplittability

So far, one main obstacle in constructing multi-coupon schemes is how to devise an efficient issue protocol in which the size of the multi-coupons can be chosen freely and the complexity of the resultant protocol is not dependent on the size of the multi-coupons. Another obstacle is how to provide efficient and flexible mechanisms for redemption protocol. This paper overcame these problems by proposing two revised schemes with improved efficiency and functionality. In order to specify the size of multi-coupons flexibly, the new schemes employed the discrete logarithm based range proof by Chaabouni et al. and the knowledge proof of committed values by Canard et al. respectively. In addition, the computation complexities of redemption protocols were optimized by making use of the batch zero-knowledge proof and verification by Peng et al. It can be proved that the new schemes are secure in Nguyen's security model for multi-coupon schemes. Moreover, the new schemes for the first time achieve all the desirable features required in applications, i.e., concurrent issuing, compact storage, batch redeeming, as well as supporting coupon's object and its expiration date. Furthermore, performance comparison shows that their communication and computation overheads are significantly lower than the previous two schemes with strong unsplittability.