Cryptanalysis and improvement of a quantum-communication-based online shopping mechanism

TL;DR

This paper critically analyzes a quantum communication protocol for online shopping, revealing internal security vulnerabilities and proposing an improvement to enhance its security against internal betrayals.

Contribution

The paper identifies security flaws in a recent quantum communication protocol and introduces an improved version that resists internal controller attacks.

Findings

The original protocol is vulnerable to internal controller eavesdropping.

The proposed improvement effectively prevents internal betrayal attacks.

The security of quantum-based online shopping protocols can be significantly enhanced.

Abstract

Recently, Chou et al. [Electron Commer Res, DOI 10.1007/s10660-014-9143-6] presented a novel controlled quantum secure direct communication protocol which can be used for online shopping. The authors claimed that their protocol was immune to the attacks from both external eavesdropper and internal betrayer. However, we find that this protocol is vulnerable to the attack from internal betrayer. In this paper, we analyze the security of this protocol to show that the controller in this protocol is able to eavesdrop the secret information of the sender (i.e., the customer's shopping information), which indicates that it cannot be used for secure online shopping as the authors expected. Moreover, an improvement to resist the controller's attack is proposed.