Nowadays, thanks to the progressing technology of computer networks and the Internet, information technology is used in many aspects of human life. One aspect is the use of information technology in electronic commerce. Since the appearance of electronic commerce, people have been able to carry out their commercial activities by the use of electronic money in their payment transactions. The first electronic money has been proposed by the David Chaum to have similar properties to paper cash . There are a number of features considered for an electronic cash system. Some of them are listed: In prevalent electronic cash systems, the bank, the customer and the merchant are three participants involved in the transaction promethazine hcl of the system. A customer opens an account in a bank, withdraws cash from his account and then pays it to a merchant. The merchant takes the cash, checks its validity, accepts it and deposits it with the bank.
Considering the relationship between the bank and the merchant, electronic cash systems could be divided into two categories: online and off-line. In online category, while paying the coin to the merchant, the bank should attend the transaction, validate the coin and check its double spending [2–4]. In contrast, in off-line payments, the validation of the coin is done partially by the merchant while paying. After connecting to the bank in the next phase, the validation will be completed. While efficiency is improved, double spending can only be detected after connecting with the bank [5–7]. Recently, some efforts have been made to integrate online and off-line electronic cash systems .
The main controversial issue in off-line electronic cash systems is simultaneously fulfilling untraceability and double spending detection. After the Chaum scheme which used a blind signature to achieve untraceability , numerous untraceable electronic cash schemes have been proposed based on this structure [9–14]. In blind signature-based schemes, the customer could get the signature of the bank on the coin without disclosing any information about the coin, and spend it without revealing his identity to the merchant. The other issue in off-line electronic cash is related to the nature of electronic cash. Since electronic cash is inherently digital, it could easily be copied and reused. So, a malicious customer could spend it twice or more. To address this problem, the identity of the customer should be revealed after double spending. One approach to doing this is the use of the Cut and choose technique. Although this technique is used in some schemes [14–16], due to computational and communicational overhead, Single X hypothesis is highly inefficient. The other approach for detecting the identity of a double spender is the use of a restrictive blind signature, which is introduced by Bands . In restrictive blind signature, the customer can blind the outside of the message, , but not its internal structure. After double spending, the bank would be able to clear the structure in a polynomial time. Although Brands’ scheme suffers from some weaknesses in misrepresenting the identity of the customer , some solutions have been proposed to prevent these weaknesses [10,17]. Afterward, some schemes have been presented, which use a similar method to Bands’ restrictive blind signature, to detect the identity of a double spender [18–20].
The other feature considered for an electronic cash system is adding the withdrawal date, transaction date (or effective date) and depositing date to it, in order to charge for interest and check the expiration date of the coin. Since the electronic cash systems are prepaid systems, the withdrawal and transaction dates are important to the customers and merchants if e-cash interest is considered. Using the transaction date, when the merchant deposits the e-cash, he can charge the interest of the e-cash during the transaction date and deposit date from the bank. To attach the date, several date attachment schemes have been proposed that let customers attach transaction dates to e-cash [21–24], and some other date attachment e-cash schemes let the merchant attach the date to the e-cash [5,25,26]. In addition, to give the bank the ability of managing its own database, the expiration date should be attached to the coin. To detect the identity of a malicious spender while double spending, the banks should store the information related to the withdrawn coin in its own database. Regarding the expiration date, the bank could remove the information of outdated coins from its own database and control the size of it. Attaching an expiration date to coins, should be considered a procedure to exchange the outdated coins with new coins. This affair is done by considering an additional phase in the electronic cash protocol (i.e. exchange phase) [25,27,28]. In addition, to attach the expiration date, most schemes use partially blind signatures [23,29–32]. In partially blind signatures, the part of the information which contains pre-agreed information is clear to the signer and verifier (e.g. date and time), while the other parts of the massage and the signature are blinded to the signer.