International Association
for Cryptologic Research

One of the most well known micropayment scheme is the PayWord scheme. It is designed to be onevendor, so if we apply it for multiple vendors, it does not protect against double spending. We extended the PayWord scheme, it supports shopping at multiple vendors without an on-line broker or an on-line secure database. The proposed credit-based system uses one hash chain, hence besides the secret signature key only the seed and a random value should be securely stored. Our scheme is analyzed in applied pi calculus, we prove that it fulfills payment approval, secure payment authorization, secrecy of payment information and unreusability.