On the privacy of User efficient recoverable off-line E-cash scheme with fast anonymity revoking

Recently, Fan et al. proposed a novel e-cash scheme which allows a user to recover the e-cash he lost. They claimed their e-cash possesses properties of anonymity, unlinkability (i.e. untraceability), bank-off-line payment, double-spending detection, and anonymity revocation. The e-cash untraceability is greatly related to users' privacy and indicates that no one including the issuer bank can link e-cash to any user when the e-cash is legally spent. Although, the authors have formally proved the unlinkability of their scheme, we still found a loophole to compromise user's privacy. That is, an issuer bank or an attacker who intrudes the issuer bank's system can link e-cash to a user by collecting e-cash withdrawal and deposit transaction messages. This may make the user's shopping behaviors or location information exposed.