Research On Some Problems Of Control Of Violation In Electronic Payment And Related Technology

The mushroom development of electronic commerce provides people with various ways of business. And electronic payment system is an important component of electronic commerce. Electronic commerce is becoming increasingly important, so over the past years, quite some cryptographic research effort has been put in the design of electronic payment. In this dissertation, we study two kinds of electronic payments. One is electronic cash(E-cash), and the other one is micro-payment. E-cash is the digital counterpart of cash payment, which not only guarantees the security of banks and shops, but also protects the privacy of customers, and realizing untraceable payments in digital world is the primary object of E-cash system. Micro-payment provides lower cost of protocol computation and communication overhead than conventional electronic payment, and micro-payment is suitable for a tremendous amount of low value(per transaction) information-payment services on network. How to control various violations in payment systems is one of our objects of study.We also do related expansive research on two fields. One is zero-knowledge proof of knowledge of double discrete logarithm, which is a basic cryptographic technique and is usually used as the basic module of electronic payment schemes. And the other one is K-times anonymous authentication, which is a more generic anonymous system than E-cash system. Zero-knowledge proof of knowledge of double discrete logarithm is the proof which conveys no additional knowledge other than the correctness of the proposition that the prover has the secret knowledge of double discrete logarithm. And K-times anonymous authentication is an authentication mode which the user can use to authenticate himself to the verifier as some anonymous member of a group at most K times.All above issues have been extensively researched by us and some achievements are obtained. The main research content and results in this dissertation are as follows.1. The anonymity of the user can be revoked unconditionally when a crime is involved in fair E-cash system. However, it is still an unsolved problem to design a practical and efficient fair E-cash scheme, since there are some problems of the impracticality or the incompleteness in the tracing design of existing schemes. First we discuss the principal reasons of it. The reason of impractical tracing is that many schemes have respective unsolved problems in designing the practical tracing. We solve one kind of the problems, then present the practical and efficient tracings in various situations, including the bank’s double-spending tracing without the trusted third party(TTP), the TTP’s unconditional tracing and the bank’s loss-coin tracing without TTP, which we call complete tracing. For some schemes, the reason of incomplete tracing is that the unsolved efficiency problems result in the incomplete design of tracing, whereas for other schemes, the reason of incomplete tracing is that the unconditional tracing and the anonymous spending are contradicting properties of E-cash. Considering that, the TTP can be divided into multiple parties, and the TTP is also removable in our system. Moreover, for solving the efficiency problem of practical tracing, we use a nested structure of signature of knowledge in payment protocol, which is proved to be a secure application. Then we provide the detailed security proofs of all security properties of our E-cash scheme, and analyze our system efficiency and system functions comparing with the recent schemes.2. Fraud and low-efficiency prevent micro-payment schemes based on Pay Word from being utilized. Considering social reality, the improved micro-payment scheme based on symmetric key cryptography is presented, and then security of the session key is proved with BAN logic. The particular analysis about its computing complexity and operating efficiency compared with other schemes is given. Analysis shows that there are many specialties such as lightweight computation in the scheme, and the goals such as anti-consumer-overdraft and anti-merchant-fraud are achieved with efficiency. How to achieve efficient payment in multiple merchants system is another problem of micro-payment. Single Hash chain paying for multiple merchants is one of common methods. After analyzing security of the correlative schemes, hidden dangers are revealed. Then a new scheme, named ACO, is presented, which can be proved to solve the problem of Hash-collision mentioned in the analyzed schemes. The design intentions of ACO protocol are explained, and by comparing cost and efficiency in detail, the practicability of ACO is demonstrated.3. Zero-knowledge proof of double discrete logarithm has some particular properties, so it has been widely applied in many cryptographic systems. But the efficient problem of zero-knowledge proof of double discrete logarithm has not been solved to this day, since there are some special difficulties in computing this kind of knowledge proof. Hence, the time complexity and the space complexity of existing schemes are all O(k), where k is a security parameter. After redesigning the basic construction of knowledge proof, we provide a new zero-knowledge proof of double discrete logarithm, which is the first scheme with O(1) time complexity and O(1) space complexity. If introducing an off-line TTP(trusted third party), we can provide two additional zero-knowledge proof schemes of double discrete logarithm, one is even more efficient than the first one, the other one solves another open problem, which is how to efficiently prove the equality of double discrete logarithms in zero-knowledge way, and the existing techniques cannot solve this problem. We also provide the detailed security proofs of our designs and efficiency analysis, comparing with the existing schemes. The significant improvement in efficiency of this basic cryptographic technique is also helpful for many security systems.4. In K-times anonymous authentication system, if a user tries to show credential beyond K times, anyone can identify the dishonest user(the violator). But identifying violators is not enough for some systems, where it is also desirable to revoke violators’ credentials for preventing them from abusing the anonymous property again. However, the problem of revoking credential without trusted third party has not been solved efficiently and practically. To solve it, we present an efficient scheme with efficient revocation of violator’s credential. In fact, our method also solves an interesting problem—leaking information in a statistic zero-knowledge way, so our solution to the revocation problem outperforms all prior solutions. For achieving it, we use the special zero-knowledge proof with special information-leak for revoking the violator’s credential, but it can still be proven to be perfect statistic zero-knowledge for guaranteeing the honest user’s anonymity. Comparing with existing schemes, our scheme is efficient, and moreover, our method of revoking violator’s credential is more practical with the least additional costs.