Академический Документы
Профессиональный Документы
Культура Документы
DOI 10.1007/s11128-012-0398-3
Received: 7 December 2011 / Accepted: 15 March 2012 / Published online: 4 April 2012
Springer Science+Business Media, LLC 2012
X. Wen (B)
School of Electronics and Information Engineering, Shenzhen Polytechnic,
Shenzhen 518055, China
e-mail: szwxjun@sina.com
Y. Chen
Department of Electronics and Information Engineering,
Shijiazhuang University, Shijiazhuang 050035, China
J. Fang (B)
Department of Computer Science, The University of Hong Kong,
Hong Kong SAR, China
e-mail: junbinfang@gmail.com
123
550
X. Wen et al.
1 Introduction
Nowadays, E-commerce is in a period of rapid development and choosing an appropriate method of payment is very important for E-commerce transaction. Electronic
Cash (E-cash), which has the properties of anonymity and off-line transferability, is
becoming an ideal payment method, compared with other methods. Since Chaum has
proposed the concept of E-cash, many researchers dedicated to study E-cash system
and proposed a number of E-cash payment schemes [15].
Blind signature and group signature are the key techniques for implementing
E-payment systems. However, in modern cryptography, the classical group signature
and blind signature schemes are based on the computational complexity problems,
such as factorization problem, discrete logarithm problem, quadratic residue problem,
which could not be proved to be absolutely secure [6]. So the current E-cash systems,
which are based on the classical signature schemes, can not be proved to be unconditionally secure. Especially with the increasing computing power, these algorithms or
schemes will gradually become insecure at all. Fortunately, it has been proved that the
defect of modern cryptography can be overcome by quantum cryptography due to the
two outstanding characteristics of quantum cryptography - the unconditional security
and detectability of eavesdropping.
Since Bennett and Brassard [7] published their famous quantum key distribution
protocol in 1984 (named BB84 protocol), quantum cryptography has achieved great
success in secrecy communications fields. Subsequently, there were a lot of studies
on quantum signatures and quantum authentication [811]. However, the application
of quantum cryptography in E-cash is still very few. Recently, we firstly proposed
an E-payment protocol based on quantum group signature to solve the conditional
security problem in E-payment system [12]. In succession, we also proposed another
E-payment system based on quantum blind and group signature, employing two TTPs
(Third Trusted Party) instead of one to enhance the systems robustness [13]. However,
the limitation of these two protocols is that they can be only applied to the business
transactions within the same bank. In real life, there are many business transactions
between different banks and an E-payment system supports secure inter-bank transactions is desired from the view of practical application.
In this paper, we propose a new E-payment protocol to solve the problem and
support the radically secure E-payment between two different banks. In our system,
quantum proxy blind signature is adopted to implement the inter-bank payment and
guarantee its unconditional security. To the best of our knowledge, this is the first application of quantum proxy blind signature to an E-payment system. Compared with the
existing classical E-payment systems, unconditional security can be guaranteed by
the proposed system. Compared with the existing quantum E-payment systems, the
inter-bank transaction can be supported by this system.
The rest of this paper is organized as follows. In Sect. 2, we introduce the basic
theories of the quantum proxy signature and quantum blind signature algorithm. In
Sect. 3, we propose the E-payment protocol between two banks. The security analysis
and discussions are presented in Sect. 4. Finally, in Sect. 5, we discuss the results and
draw conclusions.
123
551
2 Preliminary theory
2.1 Proxy blind signature
Proxy signature is the original signer gives the signature ability to a proxy signer, so
that the proxy signer can sign messages on behalf of original signer [14]. As for blind
signature, the message owner could get the authentic signature for his own message,
but not reveal the specific content of the message. In some cases, such as an inter-bank
trading system, both the property of proxy signature and that of blind signature were
required for application and security concern, so proxy blind signature was proposed.
2.2 The correlation of triplet entangled state |
Suppose that Alice, Bob1, Bob2 share three particles in entangled state [15]:
1
(|000 + |110 + |011 + |101)123
2
1
= (|+ + + + | )123
2
| 123 =
(1)
where
1
1
|+ = (|0 + |1) , | = (|0 |1)
2
2
(2)
and Alice holds particle1, Bob1 holds particle3 and Bob2 holds particle2, respectively,
as shown in Fig. 1.
Formula 1 can be rewritten as
| 123 =
1
(|00 + |11)12 |03 + (|01 + |10)12 |13
2
(3)
Firstly, Bob1 measures his particle3 in base B Z = {|0, |1}, then the particles 1
and 2 would become one of the states:
+
1
1
=3 0| 123 = (|00 + |11)12 = (|++ + |)12
2
2
+
1
1
= 1| 123 = (|01 + |10)12 = (|++ |)12
12 3
2
2
12
Bob1
1
Alice
Bob1
Bob2
(4)
(5)
123
552
X. Wen et al.
Table 1 The possible results after Alice, Bob1and Bob2 choosing the different measuring bases
Bob1s result of
particle3 using B Z
Alices result of
particle1
Bob2s result of
particle2
|03
Bz
|0
|1
|+
|
|0
|1
|+
|
|0
|1
|+
|
|1
|0
|+
|
Bx
|13
Bz
Bx
Deduct
Bank1
Customer
If Bob2 Chooses a
base different
from Alice, he
will get a random
result
Alice
Bob1
Purchase
delegate
Bank2
Bob2
Deposit
Merchant
Charlie
Secondly, Alice randomly chooses the base B Z = {|0, |1}, or B X = {|+, |} to
measure her particle1.Finally, Bob2 measures his particle2 randomly. If Bob2 Chooses
the same base as Alices to measure his particle, he will get a certain result (as shown
in Table 1). However, after Alices measurement, if Bob2 chooses a measurement base
different from Alices, he will get a random result.
3 The inter-banks quantum E-payment system
As shown in Fig. 2, our inter-bank E-payment system involves four roles as following:
(1)
(2)
(3)
(4)
Informed by Alice, the bank Bob1 deducts the corresponding amount of money
from Alices account and transfers the money to the bank Bob2 and delegate Bob2
sign to merchant Charlie, such that Charlie should receive the proper money in his
account. After verifying the proxy blind signature from Bob2, the merchant Charlie
gives the corresponding goods to Alice. The whole transaction is finished.
123
553
123
554
X. Wen et al.
{0,1}, 0 denotes |0 as 1 denotes |1}), then he encrypts it to get E K B1B2 (S1 ),
where S1 may be regards as Bob1s proxy certificate.
Step 3. Bob1 sends E K B1B2 (S1 ) to Bob2.
In this phase, the unconditional security is guaranteed by the use of quantum key
K AB1 and K B1B2 , and the one-time pad encryption algorithm. The subsequent phases
also have the similar analysis.
3.3 Blind the message M2 phase
Step 1. Alice measures her particle1 sequence according to her partial message
M2 = {m(1), m(2), . . ., m(i), . . .m(n)},which is Alices detailed purchase payment. If m(i) = 0, she measures particle1 with the base Bz = {|0, |1}, Ifm(i) = 1,
she chooses the base Bx = {|+, |}.
She records the measuring results as m = {m (1), m (2), . . ., m (i), . . ., m (n)}
(m (i) {|0, |1, |+, |}). One of the four states (|0, |1, |+, |) could be
encoded into two classical bits, the measuring rule and encoding rule are as shown in
Table 2.
Thus, m (i) comprises 2-bit classical information, and the message M2 (n-bit) has
been blinded into m (2n-bit).
Step 2. Alice encryptsm with the key K AC to get the secret message
MAC = E K AC m
(6)
123
n+2i1
m(i)or K B2C
Measuring
base
Measuring
result
2-Bit
classical code
Bz
Bx
|0
|1
|+
|
00
01
10
11
555
Step 2. The bank Bob2 combines S1 withS2 in turn to get S = {s1 (1),
s1 (2)), . . ., s1 (i), . . ., s1 (n), s2 (1), s2 (2)), . . ., s2 i), . . ., s2 (n)}(s1 (i) {0, 1}, s2 (i)
break {00, 01, 10, 11}), and encrypts S with the key K B2C (3n-bit) to get
S = E K B2C {S} , E is one-time pad, S is the proxy blind signature of the
message m .
Step 3. Bob2 sends S to the merchant Charlie.
Table 3 The deduction process of blind message m to original message m (take an example for m =
(01101100))
n
m
Alices measure result
Alices measure base
m
01
|1
Bz
0
10
|+
Bx
1
11
|
Bx
1
00
|0
Bz
0
S1 (i) m (i)
n+2i1
m(i) = K B2C
0
1
1
1
1
n+2i1
m(i) = K B2C
0
1
S2 (i)
m (i) = S2 (i)
00
01
01
00
10
10
11
11
No correlation between m (i) and S2 (i)
123
556
X. Wen et al.
123
557
the theoretically proved security. Finally, our protocol is based on the secure quantum channel, which has instantaneous transmission not restricted by distance, time or
obstacles. Therefore, our scheme is unconditionally secure.
5 Conclusion
In this paper, we propose an inter-bank E-payment protocol based on quantum proxy
blind signature. Compared with the previous works, our protocol could not only protect the users anonymity but also implement the inter-bank payment. Moreover, we
use quantum entanglement, quantum key distribution and one-time pad algorithm to
guarantee the protocols unconditional security.
Furthermore, it can be implemented easily with the current experimental conditions,
as the key techniques of our protocol only rely on the von Neumann measurement and
| states preparation. Although photon transmission in the quantum channel are difficult to approach 1 due to the channel noises, with the development of the quantum
information technique, our scheme can be applied successfully.
Acknowledgments This work was supported by a project funded by the China Postdoctoral Science
Foundation (project number 20080440896) and the Open Research Foundations of both State Key Laboratory of Information Security (Graduate School of Chinese Academy of Sciences) and Key Laboratory
of Communications and Information System (Beijing Jiaotong University). The work was also partially
supported by HKU Seed Funding for Basic Research (200811159155).
References
1. Chaum, D., Heyst, E.: Group Signatures, Advances in Cryptology-Eurocrypt91 LNCS 547. pp. 257
265. Springer, Berlin (1992)
2. Maitland, G., Boyd, C.: Fair Electronic Cash Based on a Group Signature Scheme, ICICS 2001, LNCS
2229. pp. 461465. Springer, Berlin (2001)
3. Canard, S., Traor, J.: Fair E-cash Systems Based on Group Signature Schemes, ACISP 2003, LNCS
2727. pp. 237248. Springer, Berlin (2003)
4. Traor, J.: Group Signatures and Their Relevance to Privacy-Protecting Offline Electronic Cash Systems, ACISP99, LNCS 1587. pp. 228243. Springer, Berlin (1999)
5. Qiu, W., Chen, K., Gu, D.: A New Off-Line Privacy Protecting E-Cash System with Revocable Anonymity, ISC 2002, LNCS 2433. pp. 177190. Springer, Berlin (2002)
6. Nielsen, M., Chuang, I.: Quantum Computation and Quantum Information. Cambridge University
Press, Cambridge (2000)
7. Shor, P., Preskill, J: Simple proof of security of the BB84 quantum key distribution protocol. Phys.
Rev. Lett. 85, 441444 (2000)
8. Zeng, G., Keitel, C.H.: An arbitrated quantum signature algorithm. Phys. Rev. A 65, 042312
042317 (2002)
9. Gottesman, D., Chuang, I.: http://arxiv.org/abs/quant-ph/0105032.pdf (2001)
10. Wen, X., Niu, X., Ji, L., Tian, Y.: A weak blind signature scheme based on quantum cryptography. Opt.
Commun. 282, 666669 (2009)
11. Wen, X., Tian, Y., Niu, X.: A group signature scheme based on quantum teleportation. Physica
Scripta 81, 055001055005 (2010)
12. Wen, X.: An E-payment system based on quantum group signature. Physica Scripta 82, 065403
065407 (2010)
13. Wen, X., Nie, Z.: An E-payment system based on quantum blind and group signature. In: International
Symposium on Data, Privacy, and E-Commerce, America (2010)
123
558
X. Wen et al.
14. Sun, H., Hsieh, B., Tseng, S.: On the security of some proxy blind signature schemes. J. Syst.
Softw. 74, 297302 (2005)
15. Gao, T., Yan, F., Wang, Z.: Controlled quantum teleportation and secure direct communication. Chin.
Phys. 14(05), 893897 (2005)
123