Recently, Wang et al. have proposed an offline payment scheme providing scalable anonymity. The authors claim that their scheme can prevent a consumer from spending a coin more than once, since after a double-spending the identity of the consumer is revealed. In this paper, we show that in Wang et al.'s scheme, given a valid coin and without knowing any secret information, everyone is able to spend the coin as many times as he wants. In particular, we show how a cheater, using only public information, can construct a faked proof of ownership of the coin without running any risk of being discovered. (C) 2007 Elsevier Inc. All rights reserved.
An Attack on a Payment Scheme
FERRARA, Anna Lisa
;
2008-01-01
Abstract
Recently, Wang et al. have proposed an offline payment scheme providing scalable anonymity. The authors claim that their scheme can prevent a consumer from spending a coin more than once, since after a double-spending the identity of the consumer is revealed. In this paper, we show that in Wang et al.'s scheme, given a valid coin and without knowing any secret information, everyone is able to spend the coin as many times as he wants. In particular, we show how a cheater, using only public information, can construct a faked proof of ownership of the coin without running any risk of being discovered. (C) 2007 Elsevier Inc. All rights reserved.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
