最近小額付款系統提供保護客戶個人隱私的能力，但是所提出的小額付款系統都只有提供使用者向商家購買物品的交易方式；然而會有商家有興趣想以低價購買使用者擁有的商品的情形，所以我們提出一個具有匿名性的雙向小額付款系統。在我們提出的新系統中，使用者不僅能匿名的向商家購買物品也能夠向商家販賣商品。在保護商家的利益上，新的系統提供探查機制可以去找出惡意使用者。此外在向匿名使用者購買物品後商家會獲得一些證據可用來證明是向那個來源使用者所購買的商品。新的系統不僅能滿足小額付款基本的安全要求，同時也達到使用者向商家銷售的公平性。此外也針對兩個提供匿名性與不可追蹤性的多商店小額付款機制，提出安全性方面的意見。

Micropayment schemes protecting customers’ identity privacy are proposed recently.  Those proposed micropayment schemes only deal with payments for the transaction that customers buy goods from vendors.  However, the customers also have some interesting goods with low price that vendors want to buy, so a bidirectional micropayment scheme with anonymous users is proposed.  In our scheme, the customers not only buy goods from vendors but also sale goods to vendors in anonymous and fair way.  To protect vendors’ benefits, our scheme also provides the exploring mechanism to find out who the malicious customers are.  Moreover, after buying goods from anonymous customers, the vendor obtains some evidence to prove who the actual source of the bought goods is.  Our scheme satisfies not only the basic security requirements of micropayment schemes but also the fairness of the sales from customers to vendors.  Our simulation shows that our bidirectional scheme is practical in real life.  Moreover, some security comments on two micropayment schemes for multi-merchants with anonymity and untraceability.

Table of Content
Chapter 1 Introduction	1
1.1 Our Contribution	3
Chapter 2 Our Bidirectional Micropayment Scheme with Anonymous Customers	6
2.1 Preparation Part	6
2.2 Customers’ Purchase Part	7
2.3 Customers’ Selling Part	10
Chapter 3 Security Analysis	14
3.1 Unforgeability	14
3.2 Non-repudiation	15
3.3 Double Spending Prevention	16
3.4 Overspending Prevention	16
3.5 Anonymity	17
3.6 Fairness	17
3.7 Traceability	17
Chapter 4 Performance Analysis and Discussions	19
Chapter 5 Comments on Micropayment Schemes for Multi-Merchants with Anonymity and Untraceability	24
5.1 Our Comments on Hwang and Sung’s Scheme	24
5.2 Our Comments on Bayyapu and Das’s Scheme	27
Chapter 6 Conclusions	31
References	32
Appendix	35

List of Table
Table 1: Simulation Environment	20
Table 2: Computational Costs in Pseudonym Registration Phase	21
Table 3: Computational Costs in Transaction Setup Protocol	22
Table 4: Computation Costs in Non-Redemption Phase	23
Table 5: Notations in Hwang and Sung’s Scheme	24
Table 6: Blind Phase Performance Comparison between Hwang and Sung’s and Bayyapu and Das Schemes	29
Table 7: Security Level Comparison among RSA and EC based Schemes	30

[1]Bellare, M., et al., “iKP- a family of secure electronic payment protocols,” In Proceedings of the First USENIX Workshop on Electronic Commerce, July 1995, pp 89-106.
[2]Manasse, M., “The Millicent Protocols for Electronic Commerce,” In: Proc. of 1st USENIX Workshop on Electronic Commerce, New York, 1995, pp. 11-12.
[3]Glassman, S., Manasse, M., Abadi, M., Gauthier, P., and Sobalvarro, P., “The Millicent Protocol for Inexpensive Electronic Commerce,” In: Proc. of 4th WWW Conference, Boston, Dec 11-14, 1995, pp. 603-618.
[4]R. Rivest and A. Shamir, “PayWord and MicroMint: Two Simple Micropayment Schemes,” Proceedings 1996 International Workshop on Security Protocols, LNCS 1189, New York: Springer, 1996, pp. 69-87. 
[5]M. S. Hwang and P. C. Sung, “A Study of Micro-payment Based on One-Way Hash Chain,” International Journal of Network Security, Vol. 2, No.2, pp. 81-90, 2006
[6]P. R. Bayyapu and M. L. Das, “An Improved and Efficient Micro-Payment Scheme,” Journal of Theoretical and Applied Electronic Commerce Research, Vol. 4, No. 1, pp. 91-100, 2009.
[7]C. T. Wang, C. C. Chang, and C. H. Lin, “A New Micro-Payment System Using General Payword Chain,” Electronic Commerce Research, Vol. 2, No. 2, pp. 159-168, 2002.
[8]C.-I Fan, Y. K. Liang and C. N. Wu, “An Anonymous Fair Offline Micropayment Scheme,” Proc. of the International Conference on Information Society (i-Society 2011), London, June 27-29, 2011, pp 377-381.
[9]Isern-Deya Andreu Pere, Payeras-Capella M, Mut-Puigserver Macia, and Ferrer-Gomila Josep L, “Untraceable, Anonymous and Fair Micropayment Scheme,” Proceedings of the 9th International Conference on Advances in Mobile Computing and Multimedia, Ho Chi Minh City, Vietnam, December 5-7, 2011, pp. 42-49.
[10]M. Hosseinkhani, E. Tarameshloo, and M. Shajari, “AMVPayword: Secure and Efficient Anonymous Payword-Based Micropayment Scheme,” International Conference on Computational Intelligence and Security - CIS‘10, pp. 551-555, 2010.
[11]A. Nguyen and X. Shao, “A Secure and Efficient Micropayment System,” Advances in Computer and Information Sciences and Engineering, New York: Springer, 2008, pp. 63-67.
[12]M. Lee, K. Kim, “A Micro-payment System for Multiple-Shopping,” Proc. of Symposium on Cryptography and Information Security - SCIS‘02, vol. 1/2, pp. 229-234, 2002.
[13]S. Kim, W. Lee, “A PayWord-based Micropayment Protocol Supporting Multiple Payments,” Proc. of 12th International Conference on Computer Communications and Networks-ICCCN‘03, pp. 609-612, 2003.
[14]A. Esmaeeli, M. Shajari, “Mvpayword: Secure and Efficient Payword-based Micropayment Scheme,” Proc. of 2nd International Conference on the Application of Digital Information and Web Technologies - ICADIWT‘09, pp. 609-614, 2009.
[15]C. N. Yang, S. Y. Chiou, and W. C. Liao, “Micropayment Scheme with Ability to Return Changes,” Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services (iiWAS2009), Malaysia, December 14-16. 2009, pp. 356-363.
[16]S.M. Yen, L.T. Ho and C.Y. Huang, “Internet Micropayment Based on Unbalanced One-way Binary Tree,” Proc. of the International Workshop on Cryptographic Techniques and E-Commerce--CrypTEC '99, Hong Kong, pp. 155-162, 5-8 July 1999.
[17]S.M. Yen, L.T. Ho and C.Y. Huang, “Internet Micropayment Based on Unbalanced One-way Binary Tree,” Proc. of the 9th National Conference on Information Security, May 1999
[18]Xiaoling Dai and John Grundy, “Off-Line Micro-payment System for Content Sharing in P2P Networks,” International Conference on Distributed Computing & Internet Technology (ICDCIT 2005), LNCS 3816, New York: Springer, 2005, pp. 297-307
[19]Christof Paar and Jan Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners, 1st Ed., 2nd Printing, New York: Springer, 2010, pp. 259-292.
[20]K. Nguyen, “Asymmetric Concurrent Signatures,” Information and Communications Security, LNCS 3783, New York: Springer, 2005, pp. 181-193.