In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature .. “Blind signatures for untraceable payments” (PDF). Advances in. Chaum, D. () Blind Signatures for Untraceable Payments. In Chaum, D., Rivest R.L. and Sherman, A.T., Eds., Advances in Cryptology Proceedings of. Semantic Scholar extracted view of “Blind Signatures for Untraceable Payments” by David Chaum.

Author: Kajigami Goltinris
Country: Chile
Language: English (Spanish)
Genre: Video
Published (Last): 14 October 2015
Pages: 479
PDF File Size: 13.60 Mb
ePub File Size: 8.55 Mb
ISBN: 807-1-68228-589-9
Downloads: 97386
Price: Free* [*Free Regsitration Required]
Uploader: Braramar

This page was last edited on 17 Octoberat This means one vote per signed ballot in elections, for example. From Wikipedia, the free encyclopedia.

By using this site, you agree to the Terms of Use and Privacy Policy. Views Read Edit View history.

chamu This attack works because in this blind signature scheme the signer signs the message directly. When the attacker removes the blindness the signed version they will have the clear text:. Due to this multiplicative property of RSA, the same key should never be used for both encryption and signing purposes.

A traditional RSA signature is computed by raising the message m to the secret exponent d modulo the public modulus N.

An official verifies the credentials and signs the envelope, thereby transferring his signature to the ballot inside via the carbon paper. The blind version uses a random value rsuch that r is relatively prime to N i. Advances in Cryptology Proceedings of Crypto. The resulting message, along with the blinding factor, can be later verified against the signer’s public key.

An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter’s credentials pre-printed on the outside.


Blind signature – Wikipedia

In each example, the message to be signed is contained in the value m. The number of transactions as well as the number of accounts held by individuals and businesses is steadily increasing. In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from the signature before it is verified.

The blinded message is passed to a signer, who then signs it using a standard signing algorithm. Scientific Research An Academic Publisher.

As an analogy, consider that Alice has a letter which should be signed by an authority say Bobbut Alice does not want to reveal the content of the letter to Bob.

Examples include cryptographic paymdnts systems and digital cash schemes. RSA is subject to the RSA blinding attack through which it is possible to be tricked into decrypting a message by blind signing another message. In this case, the signer’s response is first “un-blinded” prior to verification in such a way that the signature remains valid for the un-blinded message.

Foe can then open it to find the letter signed by Bob, but without Bob having seen its contents. This property does not hold for the simple scheme described above: To perform such a signature, the message is first “blinded”, typically by combining it in some way with a random “blinding factor”. Bob will sign the outside of the carbon envelope without opening it and then send it back to Alice. The author of the message computes the product of the message and blinding factor, i.


Blind signature schemes exist for many public key signing protocols. Potential problems are analyzed and solutions offered. Retrieved from ” https: This is similar to the way zero-knowledge is defined in zero-knowledge proof systems.

At the end of the protocol Alice obtains a signature on m without Bob learning anything about the message.

Blind Signatures for Untraceable Payments

This intuition of not learning anything is hard to capture in mathematical terms. Simultaneously, it is important that this authority does not learn the voter’s selections. Once signed, the package is given back to the voter, who transfers the now signed ballot to a new unmarked normal envelope.

For example, the integrity of some electronic voting system may require that each ballot be certified by an election authority before it can be accepted for counting; this allows the authority to check the credentials of the voter to ensure that they are allowed to vote, and that they are not untraceablee more than one ballot. This includes various ” digital cash ” schemes and voting protocols.

Blind signature

Modern EconomyVol. A whole industry of service-providers has sprung up alongside. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature.