Elliptic curve based authenticated encryption scheme and its application for electronic payment system (Q2224260)

Summary: The use of e-payment system for e-commerce is making our day to day life more easy and convenient. In existing e-payment schemes, there are a number of security and efficiency issues to be addressed. To address such issues \textit{J.-H. Yang} et al. [``An efficient authenticated encryption scheme based on ECC and its application for electronic payment'', Inf. Techn. Control 42, No. 4, 315--324 (2013; \url{doi:10.5755/j01.itc.42.4.2150 })] proposed an authenticated encryption scheme and an e-payment system based on this encryption scheme. Their scheme excluded the need of digital signature for authentication. They claimed that the computation costs can be greatly reduced. But recently \textit{S. A. Chaudhry} et al. [``A secure and efficient authenticated encryption for electronic payment systems using elliptic curve cryptography'', Electron. Commerce res. 16, 113--139 (2016; \url{doi:10.1007/s10660-015-9192-5})] exposed the weaknesses of Yang et al.'s scheme [loc. cit.]. To overcome the weaknesses of Yang et al.'s scheme, they proposed improved authenticated encryption and e-payment schemes. However, our analysis shows that there are few security issues in their scheme. Direct use of private key in product with standard key size gives an opportunity to adversary. Based on these observations we propose an improved scheme for authenticated encryption. We also propose e-payment system using our encryption scheme. We give the security proof and performance analysis of our scheme.