Analysis:

The background is electronic cash, generally signed, and the signature sent by the signer must be remembered. For example, when and where it was sent to whom, he can write it down himself. However, if the signature is regarded as electronic cash, it involves anonymity. For example, when you use real money, does it have your name written on it? Of course not. Then I don't want banks to track their signatures to get users' consumption. So we designed a blind signature. Simply put, blind signing means that after signing a message, after a while, you show him this signature, and he will stare at you and ask: Hey, did I sign this? No, this is my public key. God, when have I ever done such a stupid thing to you1million? Hehe, we hope to achieve this effect. Of course, this is a bit exaggerated. Let's describe the nature of electronic cash:

An ideal electronic cash system should have the following characteristics:

Independence: the security of electronic cash does not depend on any physical location, and electronic cash can be transmitted through computer networks.

Conditional Anonymity: Use cash without revealing the identity of legitimate users, if necessary (such as users suspected of extortion, extortion,

Illegal purchase, bribery, etc. ) can be revoked by a trusted third party.

Unforgettable: No one can forge electronic cash except the legal issuance of electronic cash by banks.

Non-repeatable consumption: electronic cash can only be used once, and repeated consumption will be found with great probability.

Separability: Electronic cash can be divided into smaller amounts of cash, but the total amount remains the same.

Transitivity: users can lend electronic cash to others at will without being tracked.

Inconnectability: users' different electronic cash cannot be connected.

Offline payment: When users pay electronic cash, the store does not need to verify with the bank online.