Blind Signature Scheme
12 likes16,259 views
Blind signature schemes allow a message to be signed without revealing the message contents to the signer. Dr. David Chaum introduced blind signatures in 1982 as a way to sign messages privately. In a blind signature, the message is "blinded" with a random factor before signing, then "unblinded" to reveal the signature. This allows signatures to be generated without the signer viewing the actual message. However, blind signatures also introduce security risks like blinding attacks if used improperly for encryption and signing with the same key.
![REFERENCES
“Blind Signatures for Untraceable Payments,” D.
Chaum, Advances in Cryptology Proceedings of
Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman
(Eds.), Plenum, pp. 199-203.
RSA Laboratories - 7.3 What is a blind signature
scheme?[Online]. Available:
http://www.rsa.com/rsalabs/node.asp?id=2339
Blind signatures [Online]. Available:
http://www.cs.bham.ac.uk/~mdr/teaching/modules06/
netsec/lectures/blind_sigs.html](https://image.slidesharecdn.com/blindsignaturescheme-120528234950-phpapp02/85/Blind-Signature-Scheme-12-320.jpg)
Ad
More Related Content
What's hot (20)
Viewers also liked (20)
Ad
Similar to Blind Signature Scheme (20)
Ad
More from Kelum Senanayake (10)
Recently uploaded (20)
Blind Signature Scheme
- 1. BLIND SIGNATURE SCHEME By: Asanka Balasooriya Kelum Senanayake
- 2. BLIND SIGNATURE SCHEME “Blind Signature Scheme allows a person to get a message signed by another party without revealing any information about the message to the other party.” – RSA Laboratory Introduced by Dr. David Chaum in 1982. Typical Analogy from the world of paper documents Enclosing a message in a carbon paper lined envelop. Writing a signature on the outside of the envelop. Leaves a carbon copy of the signature on the paper inside the envelop. The signer does not view the message content But a third party can later verify the signature
- 3. ABOUT DR. DAVID CHAUM Dr. David Chaum is the inventor of many cryptographic protocols, including blind signature schemes, commitment schemes, and digital cash. He received his Ph.D. in Computer Science, with a minor in Business Administration, from the University of California at Berkeley. In the area of cryptography, he has published over 45 original technical articles (see list of articles), received over 17 US patents. Founder of the International Association for Cryptographic Research (IACR) In 1982. Founder and a member of the Board of Directors of DigiCash Inc., a company that has pioneered electronic cash innovations.
- 4. HOW BLIND SIGNATURE WORKS Suppose Alice wants Bob to sign a message m, but does not want Bob to know the contents of the message. Alice "blinds" the message m, with some random number b (the blinding factor). This results in blind(m,b). Bob signs this message, resulting in sign(blind(m,b),d), where d is Bob's private key. Alice then unblinds the message using b, resulting in unblind(sign(blind(m,b),d),b). The functions are designed so that this reduces to sign(m,d), i.e. Bob's signature on m.
- 5. BLIND RSA SIGNATURES Assume e is the public RSA exponent, d is the secret RSA exponent and N is the RSA modulus. Select random value r, such that r is relatively prime to N (i.e. gcd(r, N) = 1) r is raised to the public exponent e modulo N remod N is used as a blinding factor Because r is a random value, remod N is random too.
- 6. BLIND RSA SIGNATURES… CONT
- 7. WHY WOULD BOB SIGN SOMETHING WITHOUT KNOWING WHAT IT IS? A trustee wishes to hold an election by secret ballot. Each elector is very concerned about keeping his vote secret from the trustee. Each vote should be signed by the trustee. Blind signature solves this problem.
- 8. WHY WOULD BOB SIGN SOMETHING WITHOUT KNOWING WHAT IT IS? Untraceable payment system Consider a bank, payer and the payee A single note will be formed by the payer Signed by the bank Provided to the payee Cleared by the bank
- 9. DANGERS OF BLIND SIGNING RSA Blinding Attack. In RSA the signing process is equivalent to decrypting with the signers secret key. An attacker can provide a blinded version of a message m encrypted with the signers public key, m' for them to sign. When the attacker unblinds the signed version they will have the clear text.
- 11. RSA BLINDING ATTACK … CONT This attack works because in this blind signature scheme the signer signs the message directly. By contrast, in an traditional signature scheme the signer would typically use a padding scheme. Signing the result of a Cryptographic hash function applied to the message, instead of signing the message itself. This would produce an incorrect value when unblinded. In RSA the same key should never be used for both encryption and signing purposes.
- 12. REFERENCES “Blind Signatures for Untraceable Payments,” D. Chaum, Advances in Cryptology Proceedings of Crypto 82, D. Chaum, R.L. Rivest, & A.T. Sherman (Eds.), Plenum, pp. 199-203. RSA Laboratories - 7.3 What is a blind signature scheme?[Online]. Available: http://www.rsa.com/rsalabs/node.asp?id=2339 Blind signatures [Online]. Available: http://www.cs.bham.ac.uk/~mdr/teaching/modules06/ netsec/lectures/blind_sigs.html
- 13. THANK YOU