An attack on a payment scheme

Recently, Wang et al. have proposed an offline payment scheme providing scalable anonymity. The authors claim that their scheme can prevent a consumer from spending a coin more than once, since after a double-spending the identity of the consumer is revealed. In this paper, we show that in Wang et al.’s scheme, given a valid coin and without knowing any secret information, everyone is able to spend the coin as many times as he wants. In particular, we show how a cheater, using only public information, can construct a faked proof of ownership of the coin without running any risk of being discovered.