Multi-bank offline electronic cash model and protocol design based on smart card

With the rapid development of computer network technology and digital information technology, e-commerce will become the main business model of the information society. One of its core technologies is to provide a safe, convenient and user-privacy-protected electronic payment system (EPS), and electronic cash (e-cash) is a very important electronic payment system. Among them, merchants and users can have their own multi-bank offline electronic cash systems, which are more in line with actual needs and are a hot topic for scholars in various countries today. However, electronic cash in the form of digital strings can be easily copied multiple times. Therefore, an important issue in designing a multi-bank offline electronic cash solution is to prevent repeated spending. There are two existing offline solutions:

a) Pre-emptive blocking. Add anti-tampering hardware to the user's electronic wallet, generally used for a single bank. For example, an electronic payment system using Smart cards was first proposed by S. Brands [3] in 1993.

b) Post-detection. When storing, search the electronic cash database that has been paid. If a record identical to the electronic cash stored this time is found, the bank will find out the identity of the duplicate spender.

Most existing offline electronic cash schemes only use method b) to ensure security. However, if someone owns an account with the wrong identity, or disappears after repeatedly spending a large amount of currency, then even if the system detects the identity of the double spender afterwards, it cannot make up for the huge losses that have been caused. It can be seen that method a) that can prevent double spending before it happens is also very important.

This paper combines the idea of ​​multi-bank offline electronic cash protocol [4-6] with the above two methods, adopts elliptic curve cryptography, and proposes a multi-bank offline electronic cash model based on smart cards and the detailed design of the corresponding protocol. While ensuring user privacy, this protocol uses both pre-prevention and post-detection methods to effectively solve the problem of duplicate spending, reducing the burden of post-detection on banks and enhancing the security of the system; at the same time, the introduction of smart cards can improve the convenience and flexibility of users in transactions, which is more in line with the trend of actual development.

1 Multi-bank offline electronic cash model based on smart card

This paper proposes a smart card-based multi-bank offline electronic cash model. The model includes the following participants: banks (Bank1, ?, Bankn), users (User, with its own bank Banki) and merchants (Shopper, with its own bank Bankj). Different protocols are executed between the participants to complete the electronic transaction.

The features of this model are as follows:

a) Multiple banks work together, pass information to each other, and complete tasks together.

b) The user's electronic wallet contains a bank-issued, tamper-proof smart card. The smart card and the user's personal computer (PC) complete the protocol through mutual constraints. The smart card's constraints on the PC are as follows: if the user deletes information in the smart card that is unfavorable to him or her or spends the same electronic cash twice, the smart card will not work; the PC's constraints on the smart card are as follows: the smart card cannot directly transmit or receive information to or from the outside world, but must be transmitted through the PC to prevent the smart card from leaking the user's confidential information (such as identity, etc.), and mutual authentication is required when the PC and the smart card interact [7].

In the life cycle of electronic cash, there are three processes: withdrawal, payment and storage. The premise is that users and merchants have accounts in their respective banks. If not, they must first apply for a new account in their respective banks. Therefore, in the specific implementation of the protocol, it is divided into four processes: account opening, withdrawal, payment and storage.

The following is a brief description of the transaction process in the multi-bank offline electronic cash model based on smart cards:

a) Opening an account. The user and the merchant each sign an account opening agreement with their own bank and confirm it at the bank. The bank issues the user a smart card, which forms a user-side electronic wallet with the PC and participates in the agreement together.

b) Withdrawal. The user and his bank execute the withdrawal protocol on the authenticated communication channel to withdraw electronic cash from the user's account. The public key of the electronic cash contains information jointly generated by the smart card and the PC, and multiple banks perform restricted blind signatures on it.

c) Payment. The user and the merchant execute the payment agreement, and the payment can only be successfully made after the smart card is tested and confirmed that there is no duplicate spending. During this process, the merchant does not need to communicate with the bank, and the transaction is offline.

d) Storage. The merchant and his bank execute a storage agreement, and the bank detects whether there is repeated spending or repeated storage. If not, the electronic cash is deposited into the merchant's account; otherwise, the bank can reveal the identity of the user or merchant from two different payment information.

2 Smart card-based multi-bank offline electronic cash protocol

According to the above electronic cash transaction process, an elliptic curve cryptography system is used to design a multi-bank offline electronic cash protocol based on smart cards. In the protocol, multiple banks work together, and smart cards play a monitoring role while facilitating users to use electronic cash, so as to prevent repeated spending in advance.

Before the agreement is executed, multiple banks are required to complete the system initialization, and users and merchants must register and obtain account numbers at their respective banks.

2.1 Establishment of system parameters

2.2 Account Opening Agreement

2.3 Extraction protocol

2.4 Payment Agreement

2.5 Storage Protocol

3 Protocol Performance Analysis

The security of the protocol proposed in this paper is mainly based on elliptic curve cryptography, restricted blind signature and joint signature. The elliptic curve cryptography with the characteristics of "short key and high security" is more conducive to use on smart cards with low processing power, which can reduce its complexity and cost, while improving the execution efficiency of the protocol.

3.1 Fair anonymity

On the one hand, due to the addition of smart cards, this protocol adopts a scheme that is abstracted from the Radu joint signature scheme [10] [11]. This scheme allows two signers (smart card and PC) to use their private keys to jointly sign a certain information, such as the response to the merchant's question during payment; at the same time, it requires the signer's signature private key to be kept confidential, and the signature can be verified using its public key. In this way, it can prevent the bank's monitoring program from communicating with other programs and leaking user information, protecting the user's privacy, and ensuring that the monitoring program can effectively prevent users from spending repeatedly.

On the other hand, the extraction protocol in this paper is essentially a restricted blind signature protocol. Adding user account information A=s(U??P2) to electronic cash, since the user chooses the blinding factor s for blinding, neither the bank nor the merchant can see the user's account information, and the user satisfies the anonymity for the merchant and the bank. The bank cannot calculate the user's account information based on the electronic cash paid once; if the merchant repeatedly stores or the user repeatedly pays electronic cash, then the bank can find out the merchant or user's account based on the newly sent information and the corresponding information already in the database, so the protocol satisfies fair anonymity.

3.2 Unforgeability

3.3 Preventing Double Spending

If the tamper-proof property of the smart card is not destroyed, the user cannot spend the electronic cash repeatedly. Because the smart card and the PC work together to participate in the withdrawal and payment protocol, using joint signature technology, the PC cannot complete the entire transaction alone. In addition, the smart card stores a tuple (R, y0) consisting of the electronic cash logo and the electronic cash serial number it generates, where y0 is a one-time parameter. When paying, the smart card determines whether it is spent repeatedly by looking up (R, y0 ≠ 0). This method ensures that each electronic cash can only be spent once.

3.4 Post-detection duplication of costs

If the smart card is accidentally damaged, or the merchant attempts to store it repeatedly, the bank can still detect the identity of the repeat spender through post-detection methods to ensure the security of the system and protect the interests of the bank.

4 Conclusion

In the process of electronic cash developing from theory to practical application, the research of multi-bank electronic cash is an important topic. From the perspective of practical application, this paper establishes and analyzes a multi-bank offline electronic cash model based on smart cards to solve the problem of repeated spending in multi-bank offline electronic cash systems. On this basis, the various parts of the protocol are fully described. Finally, the analysis shows that the protocol proposed in this paper can effectively solve the problem of repeated spending and has good security, fairness, anonymity, unforgeability and practicality.