论文信息 - Security Analysis on Secure Untraceable Off-line Electronic Cash System

Security Analysis on Secure Untraceable Off-line Electronic Cash System

In 2013, Baseri et al. proposed an untraceable off-line electronic cash scheme from the RSA cryptosystem. They used a method that injects the expiration date and the spenders identity onto the coin to prevent double spending. The authors claimed that the scheme provides the properties of anonymity, unforgeability, double spending detection, and date attachability. Unfortunately, we find that there are security flaws in terms of verifiability, unreuseablity, and unforgeability. First, the verifiable method of e-cash in their scheme is not correct according to Euler’s Theorem. Second, malicious spenders can inject a false identity in the withdrawal phase due to the homomorphic property of modular operation. Therefore, coins can be doubly spent without being detected. Finally, a malicious spender or merchant can forge valid coins using existing coins.

[1] Wen-Shenq Juang,et al. A practical anonymous multi-authority e-cash scheme , 2004, Appl. Math. Comput..

[2] David Chaum,et al. Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3] Yalin Chen,et al. On the Privacy of "User Efficient Recoverable Off-Line E-Cash Scheme with Fast Anonymity Revoking" , 2015, Int. J. Netw. Secur..

[4] Mehdi Talebi,et al. A new untraceable off-line electronic cash system , 2011, Electron. Commer. Res. Appl..

[5] Chun-I Fan,et al. Customer Efficient Electronic Cash Protocols , 2007, J. Organ. Comput. Electron. Commer..

[6] Zuowen Tan,et al. An Off-line Electronic Cash Scheme Based on Proxy Blind Signature , 2011, Comput. J..

[7] Amos Fiat,et al. Untraceable Electronic Cash , 1990, CRYPTO.

[8] Chun-I Fan,et al. User efficient recoverable off-line e-cash scheme with fast anonymity revoking , 2013, Math. Comput. Model..

[9] Wenbo Mao,et al. Modern Cryptography: Theory and Practice , 2003 .

[10] Javad Mohajeri,et al. Secure untraceable off-line electronic cash system , 2013, Sci. Iran..

[11] Xiaofeng Chen,et al. ID-based restrictive partially blind signatures and applications , 2007, J. Syst. Softw..

[12] Yanchun Zhang,et al. A flexible payment scheme and its role-based access control , 2005, IEEE Transactions on Knowledge and Data Engineering.

[13] Xiaoming Hu,et al. Analysis of ID-based restrictive partially blind signatures and applications , 2008, J. Syst. Softw..