Cryptanalysis and improvement of a quantum-communication-based online shopping mechanism

Recently, Chou et al. [Electron Commer Res, DOI 10.1007/s10660-014-9143-6] presented a novel controlled quantum secure direct communication protocol which can be used for online shopping. The authors claimed that their protocol was immune to the attacks from both external eavesdropper and internal betrayer. However, we find that this protocol is vulnerable to the attack from internal betrayer. In this paper, we analyze the security of this protocol to show that the controller in this protocol is able to eavesdrop the secret information of the sender (i.e., the customer's shopping information), which indicates that it cannot be used for secure online shopping as the authors expected. Moreover, an improvement to resist the controller's attack is proposed.