In cryptography a blind signature, as introduced by David Chaum, is a form of digital signature .. “Blind signatures for untraceable payments” (PDF). Advances in. Chaum, D. () Blind Signatures for Untraceable Payments. In Chaum, D., Rivest R.L. and Sherman, A.T., Eds., Advances in Cryptology Proceedings of. Semantic Scholar extracted view of “Blind Signatures for Untraceable Payments” by David Chaum.

Author: Bagor Kar
Country: South Africa
Language: English (Spanish)
Genre: Music
Published (Last): 25 July 2008
Pages: 279
PDF File Size: 15.22 Mb
ePub File Size: 13.47 Mb
ISBN: 787-5-46673-903-8
Downloads: 53623
Price: Free* [*Free Regsitration Required]
Uploader: Taurr

The signing authority then calculates the blinded signature s’ as:. This is similar to the way zero-knowledge is defined in zero-knowledge proof systems. Cryptocurrency has gained unprecedented attention since the birth of Bitcoin in Buffa, Stefania Corvaglia, Nazzarena Malavolta.

To perform such a signature, the message is first “blinded”, typically by combining it in some way with a random “blinding factor”. The author of the message computes the product of the message and blinding factor, i. Bitcoin is an online system of making and receiving payments in bitcoins. This attack works because in this blind signature scheme the signer signs the message directly. In practice, the property that signing one blinded message produces at most one valid signed messages is usually desired.

We consider the development of Bitcoin and its sister currencies as an important disruptive financial innovation which is here to stay unless throttled by ill-considered legislative or regulatory actions.

Blind signature – Wikipedia

Potential problems are analyzed and solutions offered. Advances in Cryptology Proceedings of Crypto. The resulting blind signature can be publicly verified against the original, unblinded chajm in the manner of a regular digital signature. Blind signature schemes see a great deal of use in applications where sender privacy is important.

By using this site, you agree to the Terms of Use and Privacy Policy. In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from untraaceable signature before it is verified. Blind signature schemes exist for many public key signing protocols.


Blind signature

As an analogy, consider that Alice has a letter which should be signed by an authority say Bobbut Alice does not want to reveal the content of the letter to Bob. Simultaneously, it is important that this authority does not learn the voter’s selections.

From Wikipedia, the free encyclopedia. RSA is subject to the RSA blinding attack through which it is possible to be tricked into decrypting a message by blind signing another message. Bob will sign the outside of the carbon envelope without opening it and then send it back to Alice.

Blind Signatures for Untraceable Payments

This can be useful in schemes where anonymity is required. When the attacker removes the blindness the signed version they will have the clear text:. Scientific Research An Academic Publisher. Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties.

Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme. The usual approach is to show that for every adversarial signer, there exists a simulator that can output the same information as the signer.

An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter’s credentials pre-printed on the outside.

Blind Signatures for Untraceable Payments | Satoshi Nakamoto Institute

This includes various ” digital cash signztures schemes and voting protocols. The overall assessment is that cryptocurrencies and variants of virtual currencies are a welcome development, they will offer competition to the existing modalities of money and governmental regulation, they will provide alternative means to economic agents for their transactions, and their innovative signaturres should be encouraged so that their beneficial features outperform any deleterious ones.

This page was last edited on 17 Octoberat Due to this multiplicative property of RSA, the same key should never be used for both encryption and signing purposes. In cryptography a blind signatureas introduced by David Chaum[1] is a form of digital signature in which the content of a message is disguised blinded before it is signed. The message is now easily obtained. At the end of the protocol Alice obtains a signature on m without Bob learning anything chqum the message.


In each example, the message to be signed is contained in the value m. Blind signature schemes can be implemented bblind a number of common public key signing schemes, for instance RSA and DSA. This intuition of not learning anything is hard to capture in mathematical terms.

An official verifies the credentials and signs the envelope, thereby transferring his signature to the ballot inside via the carbon paper. By contrast, in an unblinded signature scheme the signer would typically use a padding scheme e. The blinded message is passed to a signer, who then signs it using a standard signing algorithm.

An unlinkable blind signature provides this guarantee, as the authority will not see the contents of any ballot it signs, and will be unable to link the blinded ballots it signs back to the un-blinded ballots it receives for counting.

This means one vote per signed ballot in elections, for example. Some examples are provided below. Modern EconomyVol. The encrypted message would usually be some secret information which the attacker observed being sent encrypted under the signer’s public key which the attacker wants to learn more about.

Alice can then open it to find the letter signed by Bob, but without Bob having seen its contents. She can place the letter in an envelope lined with carbon paper and send it to Bob.