[摘要] We present a method for blind certifying end-users' public keys and its application in off-line electronic cash. A blind certificate of a public key is similar to an ordinary public-key certificate, however the identity of the certificate holder is concealed under the key certified. A digital signature supported by a blind certificate can be verified without identifying the signer. The technique finds a good application in electronic cash. Using a one-time signature scheme during the payment time a spender is required to generate a payment signature supported by a valid blind certificate. Spending a coin once the spender remains anonymous whereas double spending will lead to discovery of the spender's private key and thereby her/his identity. The standard network directory services for certificate revocation (e.g. ISO/IEC X.509 framework) allows prompt revocation of the responsible blind certificate and hence prohibiting any further spending.