Vulnerability of Baseri et al.'s Untraceable Offline Electronic Cash System

Abstract

Offline electronic cash systems, an attractive payment platform for electronic commerce, enable customers to pay his electronic money in business transactions via the Internet. In 2013, Baseri et al. proposed an offline electronic cash (e-cash) system using RSA cryptosystem and asserted that their system satisfied anonymity, double spending detection, unforgeability, and date attachability properties and prevented forging. However, we find that their e-cash system is insecure against identity forgery. In this paper, we show that an adversary has three ways to forge a valid identity to withdraw electronic coin (e-coin) from his account at the bank and pay it to the merchant in payment phase. When double spending is detected, the bank cannot reveal the attacker's real identity.