Cryptology ePrint Archive: Report 2005/439
A note on the n-spendable extension of Ferguson's single-term off-line coins
T. C. Lam
Abstract: We show that an adversary can over-spend a coin n(n+1)! times without being detected and identified in the n-spendable extension of Ferguson's single-term off-line coin, simply by permuting the witness messages in the three-move zero-knowledge proof payment protocol. We repair the detection scheme by adding a simple verification rule in the payment protocol. We repair the identification scheme by restricting the identity format.
Category / Keywords: cryptographic protocols / cryptanalysis, electronic commerce and payment
Date: received 10 Nov 2005, last revised 30 Nov 2005
Contact author: brianlam at tamu edu
Version: 20051207:071743
Short URL: ia.cr/2005/439