In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature .. “Blind signatures for untraceable payments” (PDF). Advances in. Chaum, D. () Blind Signatures for Untraceable Payments. In Chaum, D., Rivest R.L. and Sherman, A.T., Eds., Advances in Cryptology Proceedings of. Semantic Scholar extracted view of “Blind Signatures for Untraceable Payments” by David Chaum.

Author: Arara Mam
Country: Equatorial Guinea
Language: English (Spanish)
Genre: Love
Published (Last): 2 February 2005
Pages: 83
PDF File Size: 3.4 Mb
ePub File Size: 20.48 Mb
ISBN: 995-1-99213-826-2
Downloads: 37685
Price: Free* [*Free Regsitration Required]
Uploader: Nigami

A whole industry of service-providers has sprung up alongside. This property does not hold for the simple scheme described above: Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme. Views Read Edit View history. An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter’s credentials pre-printed on the outside.

Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties. Once signed, the package is given back to the voter, who transfers the now signed ballot to a new unmarked normal envelope.

She can place the letter in an envelope lined with carbon paper and send it to Bob.

Blind Signatures for Untraceable Payments

To perform such a signature, the message is first “blinded”, typically by combining it in some way with a random “blinding factor”. Examples include cryptographic election systems and digital cash schemes. New Materials for UV Biosensor. A solution to this is to blind sign a cryptographic hash of the message, not the message itself.


The author of the message computes the product of the message and blinding factor, i. A traditional RSA signature is computed by raising the message m to the secret exponent d modulo the public modulus N.

The resulting message, along with the blinding factor, can be later verified against the signer’s public key. Blind signatures can also be used to provide unlinkabilitywhich prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. This includes various ” digital cash ” schemes and voting protocols.

The resulting blind signature can be publicly verified against untrzceable original, unblinded message in the manner of a regular digital signature. In this case, the signer’s response is first “un-blinded” prior to verification in such a way that the signature remains valid for the un-blinded message. RSA is subject to the RSA blinding attack through which it is possible to be tricked into decrypting a message by blind signing another message.

Digital currencies, virtual currencies, in-game currencies, etc. Alice can then open it to find the letter signed by Bob, but without Bob having seen its contents. One of the simplest blind signature schemes is based on RSA signing.

Paymengs Research An Academic Publisher. Buffa, Stefania Corvaglia, Nazzarena Malavolta. This is similar to the way zero-knowledge is defined in zero-knowledge paymentx systems. This means one vote per signed ballot in elections, for example.


Blind Signatures for Untraceable Payments | Satoshi Nakamoto Institute

American inventions Public-key cryptography Financial cryptography Electronic voting Digital signature schemes. The blund message is passed to a signer, who then signs it using a standard signing algorithm. Simultaneously, it is important that this authority does not learn the voter’s selections.

Modern EconomyVol. More formally a blind signature scheme is a cryptographic protocol that involves foor parties, a user Alice that wants to obtain signatures on her messages, and a signer Bob that is in possession of his secret signing key.

Blind signature schemes can be implemented using a number of common public key signing schemes, for instance RSA and DSA.

The signing authority then calculates the blinded signature s’ as:. Due to this multiplicative property of RSA, the same key should never be used for both encryption and signing purposes.

The usual approach is to show that for every adversarial signer, there exists a simulator that can output the same information as the signer.

This attack works because in this blind signature scheme the signer signs the message directly. The message is now easily obtained. When the attacker removes the blindness the signed version they will have the clear text:. Retrieved from ” https: