本論文提出一可使電子錢幣具有流通性之線上電子錢幣系統。本系統由消費者、商家、銀行與發行者等成員所組成，同時包含基本與進階等兩種運作模式。在基本模式下，發行者必須是一個具有公信力的第三者，而在進階模式下，我們藉由雜湊函數鏈的機制消除這個限制。在系統中，電子錢幣由其擁有者所自行產生，並包含一個私密值與其相對應的公開值。私密值是一個由錢幣擁有者所選取的亂數，而公開值則是其雜湊函數值。在錢幣提領階段，公開值必須由發行者公告在他的公佈欄，電子錢幣才能被合法使用。而在付費階段，發行者必須取代銀行在線上擔任錢幣合法性的驗證者並更新電子錢幣，這裡所指的更新錢幣是發行者將消費者錢幣的公開值換成商家錢幣的公開值以完成電子錢幣的轉移。這樣的置換方式我們稱之為更新，這也讓電子錢幣可以在使用者之間流通。而爲了避免發行者成為系統中的瓶頸，電子錢幣可以分散給許多個發行者管理以減輕其負擔。此外，不同的佈告欄可以用來公佈不同面額的電子錢幣，如此ㄧ來，不但電子錢幣可以流通，商家也能在交易時找零給消費者。

In this dissertation, we propose an efficient on-line e-coin system which achieves circulation of e-coins. The proposed system has four parties: Consumer, Merchant, Bank and Issuer, and two operating modes: basic mode and enhanced mode. It is essential to have a trustworthy Issuer in the basic mode, but the enhanced mode applies the hash chain technique to conquer the assumption that Issuer must be honest. In our system, an e-coin is generated by its owner and consists of a secret value, c, and a public value, c''=h(c), where h() is a secure one-way hash function. The public value of an e-coin is published by Issuer (delegated by Bank) on his bulletin board in withdrawal phase. Instead of Bank, Issuer has to be on-line to verify and renew e-coins during payment phase. That is, Issuer replaces the public values of Consumer''s e-coins with Merchant''s ones denoting the amount of money which must be paid in a transaction. Such a replacement is called as renewal and that makes the coin can circulate among users. Both of the communication bottleneck and the storage overhead occurring in Issuer can be distributed by using different bulletin boards of several Issuers. Besides, different bulletin boards can be used to represent e-coins of various denominations. With the features of renewal and various denominations, not only e-coin can circulate among users but Merchant has the capability to give change to Consumer.

Abstract i
Acknowledgements ii
Contents iii
List of Figures iv
List of Tables v
1. Introduction 1
2. Related Works 3
2.1 SOCPT [18]: 3
2.2 Vishwas Patil et al.’s payment system [21]: 5
2.3 PayWord [23]: 7
2.4 NetBill [25]: 9
2.5 Robert Tracz et al.’s Payment System [27]: 11
2.6 PayFair [32]: 13
2.7 Yang Zongkai et al.’s Payment System [34]: 15
3. System Architecture 17
4. The Basic Mode 18
4.1 Withdrawal Phase 19
4.2 Payment Phase 22
4.3 Deposit Phase 24
4.4 Analysis 25
5. The Enhanced E-coin mode 28
5.1 Withdrawal Phase 30
5.2 Payment Phase 32
5.3 Deposit Phase 35
5.4 Analysis 36
5.5 Comparison 39
6. Coins of various denominations 42
7. Conclusion 47
Reference 48

[1]N. Asokan, P.A. Janson, M. Steiner, M. Waidner, "The state of the art in electronic payment systems", IEEE Computer, Volume 30, Issue 9, Sept. 1997, Page(s):28-35.
[2]M. Bellare, J.A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E.V. Herreweghen, M. Waidner, "Design, Implementation, and Deployment of the iKP Secure Electronic Payment System", IEEE Journal on Selected Areas in Communications, Volume 18, Issue 4 , Apr. 2000, Page(s):611-627.
[3]S. Brands, "Untraceable Off-line Cash in Wallets with Observers", Proc. of the 13th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO ''93), Santa Barbara, California, USA, 1993, Page(s): 302-318.
[4]L. Buttyan, S.N. Ben, "A Payment Scheme for Broadcast Multimedia Streams", Proc. of 6th IEEE Symposium on Computers and Communications, Hammamet, Tunisia, 2001, Page(s):668-673.
[5]C. C. Chang and Y. P. Lai, "A flexible date-attachment scheme on e-cash", Computers and Security, Vol. 22, 2003, pp. 160-166(7).
[6]D. Chaum, "Online coin checks", Advances in Cryptology – Proc. of Eurocrypt''89, volume 434 of Lecture Notes in Computer Science, Berlin, 1989, Page(s):288-293.
[7]R.H. Deng, Y. Han, A.B. Jeng, T. Ngair, "A new on-line coin check scheme", Proc. of the 4th ACM conference on Computer and communications security, Zurich, Switzerland, 1997, Page(s):111-116.
[8]T. Ebringer, P. Thorne, Y. Zheng, "Parasitic Authentication To Protect Your E-Wallet", IEEE Computer, Volume 33, Issue 10, Oct. 2000, Page(s): 54-60.
[9]L. de Carvalho Ferreira, R. Dahab, "A Scheme for Analyzing Electronic Payment Systems", Proc. of the 14th Annual Computer Security Applications Conference (ACSAC’98), Scottsdale, Arizona, 1998, Page(s):137-146.
[10]Y. Frankel, Y. Tsiounis and M. Yung, "Indirect Discourse Proofs: Achieving Efficient Fair Off-Line E-Cash", Advances in Cryptology, Proc. of Asiacrypt’96, Lecture notes in computer science, Vol. 1163, Springer-Verlag, Kyongju, Korea, 1996, Page(s): 286-300.
[11]M. Jakobsson, M. Yung, "Revokable and Versatile Electronic Money", Proc. of the 3rd ACM conference on Computer and communications security, New Delhi, India, 1996, Page(s):76-87.
[12]S. Kim and W. Lee, "A PayWord-Based Micropayment Protocol Supporting Multiple Payments", Proc. Of the 12th International Conference on Computer Communications and Networks (ICCCN 2003), Dallas, Texas, 2003, Page(s):609-612.
[13]D. Kügler and H. Vogt, "Auditable Tracing with Unconditional Anonymity", Proc. of the Second International Workshop on Information Security Applications (WISA 2001), 2001, Page(s): 151-163.
[14]Y. Labrou, J. Agre, L. Ji, J. Molina and W. Chen, "Wireless Wallet", Proc. of the 1st Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous’04), Boston, Massachusetts, USA, 2004,Page(s): 32-41.
[15]M. Lee and K. Kim, "A Micro-payment System for Multiple-Shopping", The Symposium on Cryptography and Information Security (SCIS 2002), Shirahama, Japan, 2002, Page(s): 229-234.
[16]J. K. Liu, V. K. Wei and S. H. Wong, "Recoverable and Untraceable E-cash", Proc. of International. Conference on Trends in Communications, EUROCON''2001, Bratislava, Slovak Republic, 2001, Page(s): 132-135.
[17]S. H. Low, N.F. Maxemchuk, S. Paul, "Anonymous Credit Cards", IEEE/ACM Transactions on Networking, Volume 4, Issue 6, Dec. 1996, Page(s):809–816.
[18]Bo Meng, Qianxing Xiong, "SOCPT: A Secure Online Card Payment Protocol", Proc. Of The 8th International Conference on Computer Supported Cooperative Work in Design, Xiamen, 2004, Page(s):679 - 684.
[19]K.Q. Nguyen, Y. Mu, V. Varadharajan, "Micro-digital money for electronic commerce", Proc. of the 13th Annual Computer Security Applications Conference (ACSAC’97), San Diego, California, 1997, Page(s):2-8.
[20]K.Q. Nguyen, Y. Mu, V. Varadharajan, "Secure and efficient digital coins", Proc. of the 13th Annual Computer Security Applications Conference (ACSAC’97), San Diego, California, 1997, Page(s):9-15.
[21]Y Vishwas Patil, Shyamasundar, R.K, "An efficient, secure and delegable micro-payment system", Proc. of the International Conference on e-Technology, e-Commerce and e-Service (EEE’04), Taipei, Taiwan, 2004, Page(s):394 – 404.
[22]C. Popescu, "An Off-line Electronic Cash System with Revokable Anonymity", Proc. of the 12th IEEE Mediterranean Electrotechnical Conference, Dubrovnik, Croatia, 2004, Page(s): 763-767.
[23]R. L. RIVEST and SHAMIR, A, "PayWord and MicroMint: two simple micropayment schemes", Proc. of the 1996 RSA Data Security Conference, San Francisco, 1996, Page(s):69-87.
[24]M.A. Sirbu, "Credits and debits on the Internet", IEEE Spectrum, Vol. 34, Issue 2, Feb. 1997, Page(s):23–29.
[25]M. Sirbu, J.D. Tygar, "NetBill an Internet commerce system optimized for network-delivered services", IEEE Personal Communications, Vol. 2, Issue 4, Aug. 1995, Page(s):20-25.
[26]H. Tewari and D. O’Mahony, "Real-Time Payments for Mobile IP", IEEE Communications Magazine, Vol. 41, Issue 2, Feb. 2003, Page(s): 126-136.
[27]Robert Tracz, Konrad Wrona, "Fair electronic cash withdrawal and change return for wireless networks", Proceedings of the 1st international workshop on Mobile commerce, Rome, Italy, 2001, Page(s):14-19.
[28]V. Varadharajan, K.Q. Nguyen and Y. Mu, "On the design of efficient RSA-based off-line electronic coin schemes", Theoretical Computer Science, Volume 226, 1999, Page(s):173-184.
[29]H. Wang, J. Cao and Y. Zhang, "A flexible payment scheme and its permission-role assignment", Proc. of the 26th Australasian computer science conference on Conference in research and practice in information technology, Australia, 2003, pp. 189-198.
[30]H. Wang, Y. Zhang, "Untraceable off-line electronic coin flow in e-commerce", Proc. of the 24th Australian Computer Science Conference, Coast, Australia, 2001, Page(s):191-198.
[31]B. Yang and H. Garcia-Molina, "PPay: micropayments for peer-to-peer systems", Proc. of the 10th ACM conference on Computer and communications security (CCS’03), Washington D.C., USA, 2003, Page(s): 300-310.
[32]S. M. Yen, "PayFair: a prepaid internet micropayment scheme ensuring customer fairness", Computers and Digital Techniques, Volume 148, Issue 6, Nov. 2001, Page(s):207-213.
[33]J. Zhu, N. Wang and J. Ma, "A Micro-payment Scheme for Multiple-Vendor in M-Commerce", Proc. of the IEEE International Conference on E-Commerce Technology for Dynamic E-Business, Beijing , China, 2004, Page(s): 202-208.
[34]Yang Zongkai, Lang Weimin, Tan Yunmeng, "A New Fair Micropayment System Based on Hash Chain", Proc. of the International Conference on e-Technology, e-Commerce and e-Service (EEE’04), Taipei, Taiwan, 2004, Page(s):139 – 145.
[35]E. Mohammed, A.E. Emarah, K. El-Shennawy, "A blind signature scheme based on ElGamal signature", Proc. of EUROCOMM’2000, Germany, 2000, Page(s):51–53.