In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature .. “Blind signatures for untraceable payments” (PDF). Advances in. Chaum, D. () Blind Signatures for Untraceable Payments. In Chaum, D., Rivest R.L. and Sherman, A.T., Eds., Advances in Cryptology Proceedings of. Semantic Scholar extracted view of “Blind Signatures for Untraceable Payments” by David Chaum.

Author: Nijinn Katilar
Country: Belarus
Language: English (Spanish)
Genre: Education
Published (Last): 23 February 2009
Pages: 375
PDF File Size: 1.15 Mb
ePub File Size: 20.68 Mb
ISBN: 356-9-16209-755-5
Downloads: 48698
Price: Free* [*Free Regsitration Required]
Uploader: Shaktinos

Once signed, the package is given back to paymejts voter, who transfers the now signed ballot to a new unmarked normal envelope. When the attacker removes the blindness the signed version they will have the clear text:. This intuition of not learning anything is hard to capture in mathematical terms. The usual approach is to show that for every adversarial signer, there exists a simulator that can output the same information as the signer.

Blind signature – Wikipedia

Bitcoin is an online system of making and receiving payments in bitcoins. Blind signature schemes see a great deal of use in applications where sender privacy is important. Scientific Research An Academic Publisher. In this case, the signer’s response is first “un-blinded” prior to verification in such a way that the signature remains valid for the un-blinded message.

Bob will sign the outside of the carbon envelope without opening it and then send it back to Alice. Vitamin D and Bone Health. By using this site, you agree to the Terms of Use and Privacy Policy. Views Read Edit View history. Advances in Cryptology Proceedings of Crypto.

Due to this multiplicative property of RSA, the same key should never be used for both encryption and signing purposes. The blind version uses a random value rsuch that r is relatively prime to N i. This page was last edited on 17 Octoberat Cryptocurrency has gained unprecedented attention since the birth of Bitcoin in Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme.


The message is now easily obtained. Blind signature schemes can be implemented using a number of common public key signing schemes, for instance RSA and DSA.

Blind signature

In cryptography a blind signatureas introduced by David Chaum[1] is a form of digital signature in which the content of a message is disguised blinded before it is signed. This can be useful in schemes where anonymity is required. Simultaneously, it is important that this authority does not learn the voter’s selections.

Alice can then open it to find the letter signed by Bob, but without Bob having seen its contents. Retrieved from ” https: This is similar to the way zero-knowledge is defined in zero-knowledge proof systems. An official verifies the credentials and signs the envelope, thereby transferring his signature to the ballot inside via the carbon paper.

Blind signature schemes exist for many public key signing protocols. By contrast, in an unblinded signature scheme the signer would typically use a padding scheme e.

The resulting message, along with the blinding factor, can be later verified against the signer’s public key. This attack works because in this blind signature scheme bkind signer signs the message directly. Buffa, Stefania Corvaglia, Nazzarena Malavolta.

She can place the letter in an envelope lined with carbon paper and send it to Bob.

The signing authority then calculates the blinded signature s’ as:. A traditional RSA signature is computed by raising the message m to the secret exponent d modulo the public modulus N. In each example, the message to be signed is contained in the value m. The blinded message is passed to a signer, who then signs it using a standard signing algorithm. RSA is subject to the RSA blinding attack through which it is possible to be tricked into decrypting a message by blind signing another message.

More formally a blind signature scheme is a cryptographic protocol that involves two parties, a user Alice that wants to obtain signatures on her messages, and a signer Bob that is in possession of his secret signing key.


Blind Signatures for Untraceable Payments

We consider the development of Bitcoin and its sister currencies as an important disruptive financial innovation which is here to stay unless throttled by ill-considered legislative or regulatory actions. The encrypted message would usually be some secret information which the attacker observed being sent encrypted under the signer’s public key which the attacker wants to learn more about.

As an analogy, consider that Alice has a letter which should be signed by an authority say Bobbut Alice does not want to reveal the content of the letter to Bob. Some examples are provided below. Are Disruptive Financial Innovations Here? For example, the integrity of some electronic voting system may require that each ballot be certified by an election authority before it can be accepted for counting; this allows the authority to check the credentials of the voter to ensure that they are allowed to vote, and that they are not submitting more than one ballot.

Examples include cryptographic election systems and digital cash schemes. A solution to this is to blind sign a cryptographic hash of the message, not the message itself. To perform such a signature, the message is first “blinded”, typically by combining it in some way with a random “blinding factor”.

An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter’s credentials pre-printed on the outside. The author of the message computes the product of the message and blinding factor, i. Blind signatures can also be used to provide unlinkabilitywhich prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify.