Skip to main content

Anonymous and secure electronic transaction protocol

Aset: Un Protocole Anonyme et Sécuritaire Pour les Transactions Électroniques


We present a new protocol for electronic transactions which is not only secure but also anonymous, the latter characteristic being obtained by associating an encryption device with a chip card. Security is ensured by the use of encryption, electronic signature and authentication. In order to check the validity of the security properties enforced by the protocol, a model and a specification are provided. The protocol modeling language is a process algebra with value passing extended by an observation mechanism allowing the specification of security levels, by cryptographic primitives, and by a function call feature on private channels allowing the modeling of interactions with the crypto-system. The anonymity is expressed by an information flow property. The verification method, based on cosimulation, is proved consistent and complete and analysis confirms that this approach ensures not only anonymity (thanks to the fact that the client never discloses to the merchant any information permitting his identification), but also the quasi-impossibility of any fraudulent transaction.


Nous présentons un nouveau protocole de transaction électronique sécuritaire et surtout anonyme par lássociation dún logiciel de cryptage et dúne carte à puce. La sécurité du protocole est assurée par lútilisation des techniques crypto graphique s telles que le chiffrement, la signature électronique et láuthentification. En vue de sássurer que les propriétés de sécurité que le protocole doit assumer sont vérifiées, un modèle du protocole et une spécification de lánonymat sont donnés. Le langage de modélisation du protocole est une algèbre de processus avec passage de paramètres par valeur étendue dún mécanisme appelé observation permettant de spécifier des niveaux de sécurité, de primitives crypto graphique s et d’un mécanisme d’appel de fonction sur des canaux privés permettant la modélisation de l’interaction avec le crypto-système. L’anonymat est exprimé comme une propriété de flot d’information. La méthode de vérification, basée sur la cosimulation, est cohérente et complète. L’analyse confirme que l’anonymat est assuré par le fait que le client ne révèle au marchand aucune information pouvant l’identifier tout en garantissant la quasi-impossibilité d’une fraude.

This is a preview of subscription content, access via your institution.


  1. Abrazhevich (D.), Classification and Characteristics of Electronic Payment Systems, In: K. Bauknecht, S.K. Madria and G. Pernul (eds.), EC-Web2001, SpringerLncs 2115, p. 81–90, 2001.

  2. Bella (G.),Massacci (F.),Paulson (L.), The Verification of an Industrial Payment Protocol: TheSet Purchase Phase, In: Vijay Atluri (editor), Proc. 9th Acm Conf. on Comp.and Comm. Security,Acm Press, p. 12–20, 2002.

  3. Bella (G.),Massacci (F.),Paulson (L.),Tramontano (P.), Formal Verification of Cardholder Registration in set, Proc. of 6thEurvp. Symp.on Researchin Comp. Security (esorics00) SpringerLncs 1895, p. 159–174, 2000.

  4. Bella (G.),Paulson (L. C), Kerberos Version IV: Inductive analysis of the secrecy goals, Proc. of 5th Europ. Symp. on Research in Comp. Security (esorics98), SpringerLncs 1485, p. 361–375, 1998.

  5. Bellare (M.), Garay (J.A.), Hauser (R.), Herzberg (A.) Krawczyk (H.), Steiner (M.), Tsudik (G.), Van Herreweghen (E.), Waidner (M.), Design, implementation and deployment of the iKP secure electronic payment systemn,Ieee J. 1st Selected Areas Comm., 18 (4), p. 611–627, 2000.

    Article  Google Scholar 

  6. Bodei (C),Degano (P.),Focardi (R.),Gorrieri (R.),Martinelli (F.). Techniques for security checking: Non-interference vs Control Flow Analysis.Proc. of the Final Workshop Tosca,Entcs 62, 2001.

  7. Bolignano (D.), Towards the Formal Verification of Electronic Commerce Protocols. InProc. of 10th Computer Security Foundations Workshop, p. 133–146, 1997.

  8. Bresse (P.),Beaure d’Augères (G.),Thuillier (S.), Paiement Numérique sur Internet,International Thomson Publishing, 1997.

  9. Burrows (M.), Abadi (M), Needham (R.), A Logic of Authentication,Acm Transactions on Computer Systems, 1 (8), p. 18–36, Feb. 1990.

    Article  Google Scholar 

  10. Chaum (D.), Blind Signatures for Untraceable Payments, In David Chaum, Ronald L. Rivest, and Alan T. Sherman, editors,Advances in Cryptologycrypto’82, pages 199–203. Plenum Press, August 1983.

  11. Daniel Simon (R.), Anonymous Communication and Anonymous Cash, In Neal Koblitz, editor, Advances in Cryptology —Crypto’96, Lecture Notes in Computer Science,Lncs 1109, pages 61–73. Springer-Verlag, August 1996.

  12. Dolev (D.), Yao (A. C.), On the security of public key protocols,Ieee Transactions of Information Theory, IT-29 (2), p. 198–208, 1983.

    MathSciNet  Article  Google Scholar 

  13. Focardi (R.),Ghelli (A.),Gorrieri (R.), Using non interference for the analysis of security protocols, In H. Orman and C. Meadows, editors,Proc. of the dimacs Workshop on Design and Formal Verification of Security Protocols, Rutgers University, 1997.

  14. Focardi (R.), Gorrieri (R.), A classification of security properties for process algebras,Journal of Computer Security, 3 (1), p. 5–33, 1994/1995.

    Google Scholar 

  15. Garfinkel (S.), Spafford (G.), Web Security & Commerce.Cambridge, MA: O’Reilly and Assoc, 2001.

    Google Scholar 

  16. Hughes (D.), Shmatikov (V), Information Hiding, Anonymity and Privacy: A Modular Approach.Journal of Computer Security, special issue on selected papers of wits 2002 (ed. J. Guttman), vol. 12 (1), pages 3–36, 2004.

    Google Scholar 

  17. Kessler (K.),Neumann (H.), A Sound Logic for Analyzing Electronic Commerce Protocol, Proc. of 5th Europ. Symp. on Res. in Comp. Sec. (Esorics98) SpringerLncs 1485, p. 345–360, 1998.

  18. Lafrance (S.),Mullins (J.), Bisimulation-based non-deterministic admissible interference with applications to the analysis on cryptographic protocols,Inter. J. in Inform, and Soft. Tech., p. 1–25, 2002.

  19. Law (L.),Sabett (S.),Solinas (J.), How to make a mint: the cryptography of anonymous electronic cash. National Security Agency, Office of Information Security Research and Technology, Cryptology Division, June 1996.

  20. Lu (S.),Smolka (S. A.), Model Checking the Secure Electronic Transaction (set) Protocol, InProc. of 7th Inter. Symp. on Modeling, Analysis and Simulation of Comp. and Telecom. Systems, p. 358–365, 1999.

  21. Macgregor (R.),Ezvan (C),Liguori (L.),Han (J.), Secure Electronic Transactions: Credit Card Payment on the Web in Theory and Practice,IBM RedBook 5C24-4978-00, 1997, Available electronically at

  22. Mastercard & VISA,Set Secure Electronic Transaction Specification, May 1997. Available electronically at

  23. Meadows (C),Syverson (P.), A Formal Specification of Requirements for Payment Transactions in theSet Protocol,Proc. of 2 Conf. on Financial Cryptography, SpringerLncs 1465, p. 122–140, 1998.

  24. Medvinsky (G.),Neuman (C), NetCash: A design for practical electronic currency on the Internet.Proc. of the 1st ACM Conf. on Computer and Communications Security, p. 102–106, November 1993.

  25. Milner (R.),Communication and concurrency. Prentice-Hall, 1989.

  26. Mullins (J.), Nondeterministic admissible interference.J. of Uni. Comp. Sci., 6 (11), p. 1054–1070, 2000.

    MATH  Google Scholar 

  27. Ogata (K.), Futatsugi (K.), Flaw and modification of the iKP electronic payment protocols,Information Processing Letters, 86 (2), p. 57–62, 2003.

    MathSciNet  Article  Google Scholar 

  28. Panti (M),Spalazzi (L.),Tacconi (S.),Valenti (S.), Automatic verification of security in payment protocols for electronic commerce,Proc. 4th Inter. Conf. on Enterprise Inform. Systems (Iceis’02`), p. 968–974, 2002.

  29. Paulson (L. C.), Inductive analysis of the internet protocolTls,Acm Trans. on Inform, and Sys. Sec., 2(3), p. 332–351, 1999.

    Article  Google Scholar 

  30. Shmatikov (V.), Probabilistic Model Checking of an Anonymity System,Journal of Computer Security, special issue on selected papers of csFW-15 (ed. S. Schneider), vol. 12 (3/4), p. 355–377, 2004.

    Google Scholar 

  31. Schneider (S.), Security properties andCsp,Ieee Symp. on Security and Privacy, p. 174–187, 1996.

  32. Schneider (S.),Sidiroupoulos (A.),Csp and Anonymity, In Proc.Es-orics, volume 1146 ofLncs, p.198–218, Springer-Verlag, 1996.

  33. Schoenmakers (B.), Basic Security of the ecash Payment System. In Bart Preneel and Vincent Rijmen, editors,Computer Security and Industrial Cryptography: State of the Art and Evolution, Lecture Notes in Computer Science,Lncs 1528, p. 342–356. Springer-Verlag, June 1998.

  34. Syverson (P.),Stubblebine (S.) Group Principals and the Formalization of Anonymity,In Proc. Wold Congress on Formal Methods, volume 1708 ofLncs, pages 140–156. Springer-Verlag, 1999.

  35. Syverson (P.),Stubblebine (S.),Goldschlag (D.), Unlinkable Serial Transactions: Protocols and Applications, InAcm Transactions on Information and System Security, vol. 2, no 4, November 1999.

  36. Tyger (J. D.), Sirbu (M.), NetBill: An Internet Commerce System Optimized for Network Delivered Services.Ieee Personal Communications, 2 (4), p. 34–39, 1995.

    Article  Google Scholar 

  37. Van Herreweghen (E.), Non-repudiation in set: Open Issues,Proc. of 4th Conf. on Financial Cryptography SpringerLncs 1962, p. 140–156, 2001.

  38. Van Herreweghen (E.), Secure Anonymous Signature-Based Transactions. In F. Cuppens, Y. Deswarte, D. Gollmann, and M. Waidner, editors,Proceedings of the Sixth European Symposium on Research in Computer Security (esorics), Volume 1895 of Lecture Notes in Computer Science. Springer-Verlag, November 2000.

Download references

Author information

Authors and Affiliations


Additional information

Supported by anNserc grant (Government of Canada)

Supported by aNateq doctoral scholarship (Government of Quebec)

Supported by anNserc grant (Government of Canada).

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Brlek, S., Hamadou, S. & Mullins, J. Anonymous and secure electronic transaction protocol. Ann. Télécommun. 60, 530–557 (2005).

Download citation

  • Received:

  • Accepted:

  • Issue Date:

  • DOI:

Key words

  • Computing transaction
  • Internet security
  • Cryptography
  • Integrated circuit card
  • Transmission protocol
  • e-business
  • Formal method
  • Modeling
  • Privacy

Mots clés

  • Transaction informatique
  • Sécurité Internet
  • Cryptographie
  • Carte à puce
  • Protocole de communication
  • Commerce électronique
  • Méthode formelle
  • Modélisation
  • Confidentialité