Decentralized, offline, and privacy-preserving e-cash could fulfil the need for payment systems that are both scalable and Byzantine fault-resistant. Existing offline anonymous e-cash schemes are unsuitable for distributed environments because they rely on a central bank. We construct a distributed offline anonymous e-cash scheme, in which the role of the bank is performed by a quorum of authorities, and present two instantiations of it. Our first scheme is compact, i.e. the cost of the issuance protocol and the size of a wallet are independent of the number of coins issued, but the cost of payment grows linearly with the number of coins spent. Our second scheme is divisible, so the cost of payments is also independent of the number of coins spent, but the verification of deposits is more costly. We provide formal security proofs of both schemes and compare the efficiency of their implementations.