Blind Signature Scheme


Published on

In 1982, a blind signature, as introduced by David Chaum. Blind Signature Scheme is a form of digital signature scheme which allows a person to get a message signed by another party without revealing any information about the message to the other party.
This presentation introduces the theory behind the blind signature scheme, how to implement it with RSA public cryptographic scheme and various practical aspects of the scheme.

Published in: Technology, Education

Blind Signature Scheme

  1. 1. BLIND SIGNATURE SCHEME By: Asanka Balasooriya Kelum Senanayake
  2. 2. BLIND SIGNATURE SCHEME “Blind Signature Scheme allows a person to get a message signed by another party without revealing any information about the message to the other party.” – RSA Laboratory Introduced by Dr. David Chaum in 1982. Typical Analogy from the world of paper documents  Enclosing a message in a carbon paper lined envelop.  Writing a signature on the outside of the envelop.  Leaves a carbon copy of the signature on the paper inside the envelop.  The signer does not view the message content  But a third party can later verify the signature
  3. 3. ABOUT DR. DAVID CHAUM Dr. David Chaum is the inventor of many cryptographic protocols, including blind signature schemes, commitment schemes, and digital cash. He received his Ph.D. in Computer Science, with a minor in Business Administration, from the University of California at Berkeley. In the area of cryptography, he has published over 45 original technical articles (see list of articles), received over 17 US patents. Founder of the International Association for Cryptographic Research (IACR) In 1982. Founder and a member of the Board of Directors of DigiCash Inc., a company that has pioneered electronic cash innovations.
  4. 4. HOW BLIND SIGNATURE WORKS Suppose Alice wants Bob to sign a message m, but does not want Bob to know the contents of the message. Alice "blinds" the message m, with some random number b (the blinding factor). This results in blind(m,b). Bob signs this message, resulting in sign(blind(m,b),d), where d is Bobs private key. Alice then unblinds the message using b, resulting in unblind(sign(blind(m,b),d),b). The functions are designed so that this reduces to sign(m,d), i.e. Bobs signature on m.
  5. 5. BLIND RSA SIGNATURES Assume e is the public RSA exponent, d is the secret RSA exponent and N is the RSA modulus. Select random value r, such that r is relatively prime to N (i.e. gcd(r, N) = 1)r is raised to the public exponent e modulo N remod N is used as a blinding factor Because r is a random value, remod N is random too.
  7. 7. WHY WOULD BOB SIGN SOMETHING WITHOUTKNOWING WHAT IT IS? A trustee wishes to hold an election by secret ballot. Each elector is very concerned about keeping his vote secret from the trustee. Each vote should be signed by the trustee. Blind signature solves this problem.
  8. 8. WHY WOULD BOB SIGN SOMETHING WITHOUTKNOWING WHAT IT IS? Untraceable payment system Consider a bank, payer and the payee  A single note will be formed by the payer  Signed by the bank  Provided to the payee  Cleared by the bank
  9. 9. DANGERS OF BLIND SIGNING RSA Blinding Attack. In RSA the signing process is equivalent to decrypting with the signers secret key. An attacker can provide a blinded version of a message m encrypted with the signers public key, m for them to sign. When the attacker unblinds the signed version they will have the clear text.
  11. 11. RSA BLINDING ATTACK … CONT This attack works because in this blind signature scheme the signer signs the message directly. By contrast, in an traditional signature scheme the signer would typically use a padding scheme.  Signing the result of a Cryptographic hash function applied to the message, instead of signing the message itself.  This would produce an incorrect value when unblinded. In RSA the same key should never be used for both encryption and signing purposes.
  12. 12. REFERENCES “Blind Signatures for Untraceable Payments,” D. Chaum, Advances in Cryptology Proceedings of Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman (Eds.), Plenum, pp. 199-203. RSA Laboratories - 7.3 What is a blind signature scheme?[Online]. Available: Blind signatures [Online]. Available: netsec/lectures/blind_sigs.html
  13. 13. THANK YOU