In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature .. “Blind signatures for untraceable payments” (PDF). Advances in. Chaum, D. () Blind Signatures for Untraceable Payments. In Chaum, D., Rivest R.L. and Sherman, A.T., Eds., Advances in Cryptology Proceedings of. Semantic Scholar extracted view of “Blind Signatures for Untraceable Payments” by David Chaum.

Author: Dogul Gajora
Country: Armenia
Language: English (Spanish)
Genre: Love
Published (Last): 18 September 2015
Pages: 235
PDF File Size: 15.30 Mb
ePub File Size: 12.46 Mb
ISBN: 666-7-72833-868-8
Downloads: 10034
Price: Free* [*Free Regsitration Required]
Uploader: Mizilkree

The signing authority then calculates the blinded signature s’ as:.

This is similar to the way zero-knowledge is defined in zero-knowledge proof systems. This can be useful in schemes where anonymity is required.

Blind Signatures for Untraceable Payments

The overall assessment is that cryptocurrencies and variants of virtual currencies are a welcome development, they will offer competition to the existing modalities of money and governmental regulation, they will provide alternative means to economic agents for their transactions, and their innovative existence should be encouraged so that their beneficial features outperform any deleterious ones. Examples include cryptographic election systems and digital cash schemes. Bind, Stefania Corvaglia, Nazzarena Malavolta.

Modern EconomyVol. The message is now easily obtained. This includes various ” digital cash ” schemes and voting protocols. We consider the development of Bitcoin and its sister currencies as an important disruptive financial innovation which is here to stay unless throttled by ill-considered legislative or regulatory untracwable.

Advances in Cryptology Proceedings of Crypto. Digital currencies, virtual currencies, in-game currencies, etc. For example, the integrity of signaturws electronic voting system may require that bkind ballot be certified by an election authority before it can be accepted for counting; untraceaable allows the authority to check the credentials of the voter to ensure that they are allowed to vote, and that they are not submitting more than one ballot.


The blind version uses a random value rsuch that r is relatively prime to N i. A traditional RSA signature is computed by raising the message m to the secret exponent d modulo the public modulus N. This page was last edited on 17 Octoberat Scientific Research An Academic Publisher.

This intuition of not learning anything is hard to capture in mathematical terms. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature.

In this case, the signer’s response is first “un-blinded” prior to verification in such a way that the signature remains valid for the un-blinded message.

Blind signatures can also be used to provide unlinkabilitywhich prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. As an analogy, consider that Alice has a letter which should be signed by an authority say Bobbut Alice does not want to reveal the content of the letter to Bob.

In practice, the property that signing one blinded message produces at most one valid signed messages is usually desired. Alice can then open it to find the letter signed by Bob, but without Bob having seen its contents.

An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter’s credentials pre-printed on the outside. Due to this multiplicative property of RSA, the same key should never be used for both encryption and signing purposes.


Blind signature – Wikipedia

In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from the signature before it is verified. A solution to this is to blind sign a cryptographic hash of the message, not the message itself.

Untracrable property does not hold for the simple scheme described above: Blind signature schemes exist for many public key signing protocols.

At the end of the protocol Alice obtains a signature on m without Bob learning anything about the message. The blinded message is passed to a signer, who then signs it using a standard signing algorithm. She can place the letter in an envelope lined with carbon paper and send it to Bob.

Bob will sign the outside of the carbon envelope without opening it and untraceavle send it back to Alice.

Blind signature

More formally a blind signature scheme is a cryptographic protocol that involves two parties, a user Alice that wants to obtain siignatures on her messages, and a signer Bob that is in possession of his secret signing key. RSA is subject to the RSA blinding attack through which it is possible to be tricked into decrypting a message by blind signing another message. From Wikipedia, the free encyclopedia.