Strong anonymous mobile payment against curious third-party provider

Abstract

M-commerce provides convenient services and has developed rapidly in recent years. But security and privacy have always been major concerns for most users. Among existing payment systems, PayPal as well as Alipay has a third-party payment provider (TPP) but does not provide anonymity. Bitcoin provides anonymity but its decentralized framework without TPP causes high energy consumption and security attack issues. Further information can be deduced from the public decentralized ledger, Bitcoin cannot offer strong privacy guarantees. Therefore, unifying strong anonymity, security and efficiency is challenging in mobile payment. This paper proposes a strong anonymous mobile payment against a curious third-party provider (SATP). A ticket as a new means of payment is partially blindly signed by TPP using certificateless cryptographic primitives. SATP can ensure confidentiality of payment data, non-repudiation and revocation of payment operation, and anonymity of payer’s identity. Especially, it can enable a user to pay anonymously even in face of a curious TPP. Performance analysis shows that SATP avoids high energy consumption like Bitcoin, and its communication cost is less than that of the existing anonymous research work.