Paper 2016/494

AEP-M: Practical Anonymous E-Payment for Mobile Devices using ARM TrustZone and Divisible E-Cash (Full Version)

Bo Yang, Kang Yang, Zhenfeng Zhang, Yu Qin, and Dengguo Feng

Abstract

Electronic payment (e-payment) has been widely applied to electronic commerce and has especially attracted a large number of mobile users. However, current solutions often focus on protecting users' money security without concerning the issue of users' privacy leakage. In this paper, we propose AEP-M, a practical anonymous e-payment scheme specifically designed for mobile devices using TrustZone. On account of the limited resources on mobile devices and time constraints of electronic transactions, we construct our scheme based on efficient divisible e-cash system. Precisely, AEP-M allows users to withdraw a large coin of value $2^{n}$ at once, and then spend it in several times by dividing it without revealing users' identities to others, including banks and merchants. Users' payments cannot be linked either. AEP-M utilizes bit-decomposition technique and pre-computation to further increase the flexibility and efficiency of spending phase for mobile users. As a consequence, the frequent online spending process just needs at most $n$ exponentiations on elliptic curve on mobile devices. Moreover, we elaborately adapt AEP-M to TrustZone architecture for the sake of protecting users' money and critical data. The methods about key derivation and sensitive data management relying on a root of trust from SRAM Physical Unclonable Function (PUF) are presented. We implement a prototype system and evaluate AEP-M using Barreto-Naehrig (BN) curve with 128-bit security level. The security analysis and experimental results indicate that our scheme could meet the practical requirement of mobile users in respects of security and efficiency.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. The 19th Information Security Conference (ISC 2016)
Keywords
E-PaymentPrivacyMobile DevicesTrustZoneDivisible E-CashPUF
Contact author(s)
yangbo @ tca iscas ac cn
History
2016-05-22: received
Short URL
https://ia.cr/2016/494
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/494,
      author = {Bo Yang and Kang Yang and Zhenfeng Zhang and Yu Qin and Dengguo Feng},
      title = {{AEP}-M: Practical Anonymous E-Payment for Mobile Devices using {ARM} {TrustZone} and Divisible E-Cash (Full Version)},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/494},
      year = {2016},
      url = {https://eprint.iacr.org/2016/494}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.