電子貨幣的技術使得在電子交易過程中透過通訊網路傳送數位化的金錢變為可能。由於電子貨幣具有不可追蹤與不可偽造的特性，因此在交易過程中它可以保護消費者的隱私及保證付費的安全性。本論文介紹一個有效率的電子貨幣協定，對每個消費者而言，從銀行領出w元與在一連串的交易中消費w元只需要最少的儲存空間。與傳統的電子貨幣協定比較起來，這個方法對消費者而言不僅可以大量地減少儲存需求，而且也可大幅地降低交易過程中的通訊量。此外，這整個協定的計算成本遠低於傳統的電子貨幣協定，更達到用戶端低計算量的目標。因此可以證實所提出的協定在一連串的付費中與傳統的電子貨幣協定相較起來是更適合用在儲存空間受限或是硬體受限的環境，例如：智慧卡或是行動商務。另外，我們也分別從消費者、商家及銀行的觀點去檢查這個被提出協定的安全性。因為這個被提出的協定是植基於一個通用的部分盲簽章機制，因此它可以建立在任何一個高效率且安全的部分盲簽章機制之上。

The technology of electronic cash makes it possible to transmit digital money over communication networks during electronic transactions. Owing to the untraceability and unforgeability properties, electronic cash can protect the privacy of customers and guarantee the security of payments in the transactions. This manuscript introduces an efficient electronic cash protocol where it only requires minimal storage for each customer to withdraw w dollars from the bank and spend the w dollars in a sequence of transactions. Compared with traditional electronic cash protocols, the proposed method greatly reduces not only the storage required for the customers but the communication traffic in the transactions as well. Furthermore, the computation cost of the entire protocol is lower than the traditional ones and it also achieves the customer efficiency property. It turns out that the proposed protocol is much more suitable for the storage-limited or hardware-limited environments, such as smart card computing or mobile commerce, than the traditional electronic cash protocols in a sequence of payments. In addition, we examine the security of the proposed electronic cash protocol from the customer’s, the shop’s, and the bank’s points of view, respectively. Since the proposed protocol is based on a generic partially blind signature scheme, it can be implemented by any partially blind signature scheme as long as it is secure and user efficient.

摘要 I
ABSTRACT II
TABLE OF CONTENTS III
LIST OF FIGURES IV
LIST OF TABLES V
LIST OF TABLES V
CHAPTER 1 INTRODUCTION 1
CHAPTER 2 PRELIMINARY 4
2.1 FAN-CHEN GENERIC BLIND SIGNATURE SCHEME 5
2.2 TRADITIONAL ELECTRONIC CASH PROTOCOL BASED ON FAN-CHEN GENERIC BLIND SIGNATURE SCHEME 8
2.3 NAKANISHI ET AL.’S PROTOCOL 12
CHAPTER 3 THE PROPOSED GENERIC PARTIALLY BLIND SIGNATURE SCHEME 17
CHAPTER 4 THE PROPOSED CUSTOMER EFFICIENT ELECTRONIC CASH PROTOCOLS 22
4.1 THE PROPOSED PROTOCOL BASED ON ABE’S PARTIALLY BLIND SIGNATURE SCHEME 27
4.2 THE PROPOSED PROTOCOL BASED ON FAN’S IMPROVED LOW-COMPUTATION PARTIALLY BLIND SIGNATURES SCHEME 31
CHAPTER 5 DISCUSSIONS 35
5.1 SECURITY EXAMINATION 35
5.2 PERFORMANCE ANALYSIS 38
CHAPTER 6 CONCLUSIONS 40
REFERENCES 41

[1] M. Abe and E. Fujisaki, "How to date blind signatures," Advances in Cryptology-ASIACRYPT'96, LNCS 1163, Springer-Verlag, pp. 244-251, 1996.
[2] M. Abe, T. Okamoto, "Provably secure partially blind signatures," Advances in Cryptology-CRYPTO'2000, LNCS 1880, Springer-Verlag, pp. 271-286, 2000.
[3] S. Brands, "Untraceable off-line cash in wallets with observers," Advances in Cryptology-CRYPTO'93, LNCS 773, Springer-Verlag, pp. 302-318, 1994.
[4] E. Brickell, P. Gemmell, and D. Kravitz, "Trustee-based tracing extensions to anonymous cash and the making of anonymous change," Proceedings of the 6th Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 157-166, 1995.
[5] J. Camenisch and A. Lysyanskaya, "A signature scheme with efficient protocols," SCN'02, LNCS 2576, Springer-Verlag, pp. 268-289, 2002.
[6] A. Chan, Y. Frankel, and Y. Tsiounis, "Easy come - easy go divisible cash," Advances in Cryptology-EUROCRYPT'98, LNCS 1403, Springer-Verlag, pp. 561-575, 1998.
[7] D. Chaum, "Blind signatures for untraceable payments," Advances in Cryptology- CRYPTO'82, Springer-Verlag, pp. 199-203, 1983.
[8] D. Chaum, A. Fiat, and M. Naor, "Untraceable electronic cash," Advances in Cryptology- CRYPTO'88, LNCS 403, Springer-Verlag, pp. 319-327, 1990.
[9] I. Damgard and E. Fujisaki, "A statistically-hiding interger commitment scheme based on groups with hidden order," Advances in Cryptology-ASIACRYPT'2002, Springer-Verlag, LNCS 2501, pp. 125–142, 2002.
[10] T. Eng, T. Okamoto, "Single-term divisible electronic coins," Advances in Cryptology-EUROCRYPT'94, LNCS 950, Springer-Verlag, pp. 306-319, 1994.
[11] T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms", IEEE Transactions on Information Theory, vol. 31, pp. 469-472, 1985.
[12] C. I. Fan and C. L. Lei, "A multi-recastable ticket scheme for electronic elections," Advances in Cryptology-AISACRYPT'96, LNCS 1163, Springer-Verlag, pp. 116-124, 1996.
[13] C. I. Fan and C. L. Lei, "User efficient blind signatures," Electronics Letters, vol. 34, no. 6, pp. 544-546, 1998.
[14] C. I. Fan and C. L. Lei, "A user efficient fair blind signature scheme for untraceable electronic cash," Journal of Information Science and Engineering, vol. 18, no. 1, pp. 47-58, 2002.
[15] C. I. Fan and W. K. Chen, "An efficient blind signature scheme for information hiding," International Journal of Electronic Commerce, vol. 6, no. 1, pp. 93-100, 2001.
[16] C. I. Fan, "Improved low-computation partially blind signatures," Applied Mathematics and Computation, vol. 145, no. 2-3, pp. 853-867, 2003.
[17] C. I. Fan, L. C. Wu, Y. S. Yeh, "Nearly optimal user efficient partially blind signatures," Proceedings of the 2002 International Computer Symposium, vol. 2, 2002, pp. 1083-1090.
[18] N. Ferguson, "Single term off-line coins," Advances in Cryptology-EUROCRYPT'93, LNCS 765, Springer-Verlag, pp. 318-328, 1994.
[19] C. L. Lei and C. I. Fan, "A universal single-authority election system," IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E81-A, no. 10, pp. 2186-2193, 1998.
[20] T. Nakanishi and Y. Sugiyama, "Unlinkable divisible electronic cash," Proceedings of 3rd International Workshop on Information Security, LNCS 1975, Springer-Verlag, pp. 121-134, 2000.
[21] T. Nakanishi, M. Shiota, and Yuji Sugiyama, "An efficient on-line electronic cash with unlinkable exact Payments," Proceedings of the 7th Information Security Conference, LNCS 3225, Springer Verlag, pp. 367-378, 2004.
[22] T. Okamoto and K. Ohta, "Universal electronic cash," Advances in Cryptology-CRYPTO'91, LNCS 576, Springer-Verlag, pp. 324-337, 1991
[23] T. Okamoto, "An efficient divisible electronic cash scheme," Advances in Cryptology-CRYPTO'95, LNCS 963, Springer-Verlag, pp. 438-451, 1995.
[24] P. Paillier, "Public-key cryptosystems based on composite degree residuosity classes," Advances in Cryptology-EUROCRYPT'99, LNCS 1592, Springer-Verlag, pp.223–238, 1999.
[25] R. C. Peralta, "A simple and fast probabilistic algorithm for computing square roots modulo a prime number," IEEE Transactions on Information Theory, vol. 32, no.6, pp. 846-847, 1986.
[26] M. O. Rabin, "Digitalized signatures and public-key functions as intractable as factorization," Technical Report, MIT/LCS/TR212, MIT Lab., Computer Science, Cambridge, Mass, 1979.
[27] R. L. Rivest, A. Shamir, L. Adleman, "A method for obtaining digital signatures and public key cryptosystems," Communications of the ACM, vol. 21, no.2, pp. 120-126, 1978.
[28] G. J. Simmons, Contemporary Cryptology: The Science of Information Integrity, IEEE Press, NY, 1992.
[29] H. C. Williams, "A modification of the RSA public-key encryption procedure," IEEE Transactions on Information Theory, vol. 26, no.6, pp. 726-729, 1980.