Strong anonymous mobile payment against curious third-party provider
M-commerce provides convenient services and has developed rapidly in recent years, but security and privacy have always been major concerns for most users. Among existing payment systems, PayPal and Alipay rely on a third-party payment provider (TPP) but do not provide anonymity. Bitcoin provides anonymity, but its decentralized framework without a TPP causes high energy consumption and security attack issues. Furthermore, because information can be deduced from the public decentralized ledger, Bitcoin cannot offer strong privacy guarantees. Unifying strong anonymity, security and efficiency is therefore challenging in mobile payment. This paper proposes a strong anonymous mobile payment scheme against a curious third-party provider (SATP). A ticket, as a new means of payment, is partially blindly signed by the TPP using certificateless cryptographic primitives. SATP can ensure confidentiality of payment data, non-repudiation and revocation of payment operations, and anonymity of the payer's identity. In particular, it enables a user to pay anonymously even in the face of a curious TPP. Performance analysis shows that SATP avoids the high energy consumption of Bitcoin, and that its communication cost is lower than that of existing research work on anonymous payment.
Keywords: Mobile payment, Ticket, Strong anonymous, Revocation, Partially blind signature
This work was supported by the Major Research Project for Social Science Innovation and Development of Anhui Province (Grant No. 2017ZD005), the Visiting Scholar Projects of Anhui Province for Excellent Young and Middle-aged Backbone Talents (Grant No. gxfxZD2016305), and the Natural Science Foundation of Anhui Province (Grant No. 1608085MF141). We would like to thank the anonymous referees and Editors for their valuable comments and suggestions.