|
中国科学院研究生院学报 2006
Two Remarks on a Forword-Secure E-cash System
|
Abstract:
The paper shows that there are two errors in the E-cash system in Ref.(1]).(1)In the setup phase,the factors p_1,p_2 of modulus n are not published.This makes the user and the bank unable to make valid signatures in the withdrawal phase.(2)The shop M must directly obtain those data(h,h_1,h_2,h_3) used in payment phase in a secure way,instead of receiving them from a signature offered by a user U.Otherwise,the adversary can forge signatures in the payment phase.Therefore,there are four redundant data among the signature(z,a,b,r,j,h,h_1,h_2,h_3) offered by a user.