
This presentation introduces the theory behind the blind signature scheme, how to implement it with the RSA public-key cryptographic scheme, and various practical aspects of the scheme.


- 1. BLIND SIGNATURE SCHEME By: Asanka Balasooriya Kelum Senanayake
- 2. BLIND SIGNATURE SCHEME “Blind Signature Scheme allows a person to get a message signed by another party without revealing any information about the message to the other party.” – RSA Laboratory. Introduced by Dr. David Chaum in 1982. Typical analogy from the world of paper documents: enclosing a message in a carbon-paper-lined envelope. Writing a signature on the outside of the envelope leaves a carbon copy of the signature on the paper inside the envelope. The signer does not view the message content, but a third party can later verify the signature.
- 3. ABOUT DR. DAVID CHAUM Dr. David Chaum is the inventor of many cryptographic protocols, including blind signature schemes, commitment schemes, and digital cash. He received his Ph.D. in Computer Science, with a minor in Business Administration, from the University of California at Berkeley. In the area of cryptography, he has published over 45 original technical articles (see list of articles) and received over 17 US patents. Founder of the International Association for Cryptographic Research (IACR) in 1982. Founder and a member of the Board of Directors of DigiCash Inc., a company that has pioneered electronic cash innovations.
- 4. HOW BLIND SIGNATURE WORKS Suppose Alice wants Bob to sign a message m, but does not want Bob to know the contents of the message. Alice "blinds" the message m with some random number b (the blinding factor). This results in blind(m,b). Bob signs this message, resulting in sign(blind(m,b),d), where d is Bob's private key. Alice then unblinds the message using b, resulting in unblind(sign(blind(m,b),d),b). The functions are designed so that this reduces to sign(m,d), i.e. Bob's signature on m.
- 5. BLIND RSA SIGNATURES Assume e is the public RSA exponent, d is the secret RSA exponent and N is the RSA modulus. Select a random value r such that r is relatively prime to N (i.e. gcd(r, N) = 1). r is raised to the public exponent e modulo N. r^e mod N is used as a blinding factor. Because r is a random value, r^e mod N is random too.
- 6. BLIND RSA SIGNATURES… CONT
- 7. WHY WOULD BOB SIGN SOMETHING WITHOUT KNOWING WHAT IT IS? A trustee wishes to hold an election by secret ballot. Each elector is very concerned about keeping his vote secret from the trustee. Each vote should be signed by the trustee. Blind signature solves this problem.
- 8. WHY WOULD BOB SIGN SOMETHING WITHOUT KNOWING WHAT IT IS? Untraceable payment system. Consider a bank, a payer and a payee. A single note will be formed by the payer, signed by the bank, provided to the payee, and cleared by the bank.
- 9. DANGERS OF BLIND SIGNING RSA Blinding Attack. In RSA the signing process is equivalent to decrypting with the signer's secret key. An attacker can provide a blinded version of a message m encrypted with the signer's public key, m', for them to sign. When the attacker unblinds the signed version they will have the clear text.
- 10. RSA BLINDING ATTACK
- 11. RSA BLINDING ATTACK … CONT This attack works because in this blind signature scheme the signer signs the message directly. By contrast, in a traditional signature scheme the signer would typically use a padding scheme, signing the result of a cryptographic hash function applied to the message instead of signing the message itself. This would produce an incorrect value when unblinded. In RSA the same key should never be used for both encryption and signing purposes.
- 12. REFERENCES “Blind Signatures for Untraceable Payments,” D. Chaum, Advances in Cryptology: Proceedings of Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman (Eds.), Plenum, pp. 199-203. RSA Laboratories - 7.3 What is a blind signature scheme? [Online]. Available: http://www.rsa.com/rsalabs/node.asp?id=2339 Blind signatures [Online]. Available: http://www.cs.bham.ac.uk/~mdr/teaching/modules06/netsec/lectures/blind_sigs.html
- 13. THANK YOU
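
Added example (not part of the original slides): a toy-sized Python run of the blind, sign and unblind steps from slides 4 to 6, together with the key-reuse danger from slides 9 to 11 shown beside a hash-then-sign signer. The key, the function names and the sample values are constructed for illustration, and the parameters are far too small for real use.

```python
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's secret exponent d

def blind(m: int, r: int) -> int:
    """Alice: m' = m * r^e mod N, with gcd(r, N) = 1."""
    if gcd(r, N) != 1:
        raise ValueError("blinding factor must be coprime to N")
    return (m * pow(r, E, N)) % N

def sign_raw(x: int) -> int:
    """Bob, textbook signer: s' = x^d mod N, applied directly to the input."""
    return pow(x, D, N)

def sign_hashed(x: int) -> int:
    """Bob, hash-then-sign: signs SHA-256(x) reduced mod N instead of x."""
    h = hashlib.sha256(x.to_bytes(16, "big")).digest()
    return pow(int.from_bytes(h, "big") % N, D, N)

def unblind(s_blind: int, r: int) -> int:
    """Alice: s = s' * r^-1 mod N, because (m * r^e)^d = m^d * r mod N."""
    return (s_blind * pow(r, -1, N)) % N

def verify(m: int, s: int) -> bool:
    """Anyone: s is Bob's signature on m when s^e mod N == m."""
    return pow(s, E, N) == m % N

def blind_sign_roundtrip(m: int, r: int) -> int:
    """Slides 4-6: Bob signs blind(m, r) and never sees m itself."""
    return unblind(sign_raw(blind(m, r)), r)

def key_reuse_leak(secret: int, r: int, signer) -> int:
    """Slides 9-11: Bob's key also encrypts `secret`; return what unblinding yields."""
    c = pow(secret, E, N)              # ciphertext under Bob's public key
    return unblind(signer(blind(c, r)), r)

if __name__ == "__main__":
    m, r = 123456789, 987654321        # constructed; in practice r is fresh and random
    print("signature verifies:", verify(m, blind_sign_roundtrip(m, r)))
    print("raw signer returns plaintext:", key_reuse_leak(m, r, sign_raw) == m)
    print("hashed signer returns plaintext:", key_reuse_leak(m, r, sign_hashed) == m)
```

With the raw signer the unblinded value equals the plaintext, which is why the slides say the same RSA key should never be used for both encryption and signing.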
