A novel electronic cash system with trustee-based anonymity revocation from pairing

1567-4223/$ see front matter 2011 Elsevier B.V. A doi:10.1016/j.elerap.2011.06.002 ⇑ Corresponding author. Tel.: +886 5 2721001; fax: E-mail address: [email protected] (J.-S. Cho 1 A typical e-cash withdrawal protocol requires a pr so it can ensure that the bank and customer have mutu e-cash withdrawal. Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the user’s identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works. 2011 Elsevier B.V. All rights reserved.