Concurrently-Secure Blind Signatures Without Random Oracles or Setup Assumptions
Related papers
Concurrent Blind Signatures Without Random Oracles
Lecture Notes in Computer Science, 2006
We present a blind signature scheme that is efficient and provably secure without random oracles under concurrent attacks utilizing only four moves of short communication. The scheme is based on elliptic curve groups for which a bilinear map exists and on extractable and equivocable commitments. The unforgeability of the employed signature scheme is guaranteed by the LRSW assumption while the blindness property of our scheme is guaranteed by the Decisional Linear Diffie-Hellman assumption.
Formalizing Group Blind Signatures and Practical Constructions without Random Oracles
Group blind signatures combine anonymity properties of both group signatures and blind signatures and offer privacy for both the message to be signed and the signer. Their applications include multi-authority e-voting and distributed e-cash systems. The primitive has been introduced with only informal definitions for its required security properties. We offer two main contributions: first, we provide foundations for the primitive where we present formal security definitions offering various flavors of anonymity relevant to this setting. In the process, we identify and address some subtle issues which were not considered by previous constructions and (informal) security definitions. Our second main contribution is a generic construction that yields practical schemes with round-optimal signing and constant-size signatures. Our constructions permit dynamic and concurrent enrollment of new members, satisfy strong security requirements, and do not rely on random oracles. In addition, we introduce some new building blocks which may be of independent interest.
Universally Composable Blind Signatures
2006
This paper shows that the security of blind signatures is, as defined by Juels, Luby and Ostrovsky, truly weaker than the security in the universal composability (UC) framework (i.e., define the ideal functionality of blind signatures), which was introduced by Canetti. That is, we formulate the security of blind signatures in the UC framework, and show that the class of UC-secure blind signatures is a proper subset of that of secure (in the sense of Juels et al.) blind signatures. In addition, we introduce a stronger security definition (stronger blindness; SB-security) of blind signatures than that by Juels et al. and show that SB-security is more suitable in many applications than Juels et al.'s. This paper then shows that SB-security of blind signatures is also truly weaker than the security in the UC framework.
Unification in Blind Signatures
2011
Blind signatures are signature schemes that keep the content confidential and have applications in modern cryptography for electronic voting and digital cash schemes. We study three unification problems based on an equational theory for blind signatures. This theory consists of two axioms, namely
Journal of Computer Security, 2013
Blind signatures allow users to obtain signatures on messages hidden from the signer; moreover, the signer cannot link the resulting message/signature pair to the signing session. This paper presents blind signature schemes, in which the number of interactions between the user and the signer is minimal and whose blind signatures are short. Our schemes are defined over bilinear groups and are proved secure in the common-reference-string model without random oracles and under standard assumptions: CDH and the decision-linear assumption. (We also give variants over asymmetric groups based on similar assumptions.) The blind signatures are Waters signatures, which consist of 2 group elements. Moreover, we instantiate partially blind signatures, where the message consists of a part hidden from the signer and a commonly known public part, and schemes achieving perfect blindness. We propose new variants of blind signatures, such as signer-friendly partially blind signatures, where the public part can be chosen by the signer without prior agreement, 3-party blind signatures, as well as blind signatures on multiple aggregated messages provided by independent sources. We also extend Waters signatures to non-binary alphabets by proving a new result on the underlying hash function.
Efficient and Provably Secure Trapdoor-Free Group Signature Schemes from Bilinear Pairings
2004
We propose a group signature scheme with constant-size public key and signature length that does not require a trapdoor. So system parameters can be shared by multiple groups belonging to different organizations. The scheme is provably secure in the formal model recently proposed by Bellare, Shi and Zhang (BSZ04), using the random oracle model, Decisional Bilinear Diffie-Hellman and Strong Diffie-Hellman assumptions. We give a more efficient variant scheme and prove its security in a formal model which is a modification of the BSZ04 model and has a weaker anonymity requirement. Both schemes are very efficient and the sizes of signatures are approximately one half and one third, respectively, of the sizes of the well-known ACJT00 scheme. We also use the schemes to construct a traceable signature scheme.
On the Security of an Efficient ID-based Partially Blind Signature Scheme
A partially blind signature is a variant of the blind signature. The partially blind signature scheme allows a signer to sign a partially blind message that explicitly includes the pre-agreed information. In 2005, Chow et al. first proposed an ID-based partially blind signature scheme with bilinear pairings. ID-based public key systems with bilinear pairings defined on elliptic curves offer a flexible approach to achieve both simplifying the certificate management and reducing the computational cost. However, their scheme is time-consuming for requesters (or clients) with mobile devices. In 2007, Hu and Huang proposed an efficient ID-based partially blind signature scheme based on bilinear pairings. They claimed that the proposed scheme is provably secure under the random oracle model. However, this paper shows that the Hu-Huang scheme suffers from forgery attacks.
Blind signatures based on the discrete logarithm problem
1995
In [Harn95], Harn claims, that the signature schemes in [CaPS94] and [HoMP94] are not true blind signatures. In this comment, we prove, that this claim is fortunately totally wrong. His attempt to cryptanalyse the schemes in [CaPS94, HoMP94] is incorrect, as the proposed relationship, which is used to trace the signature by the signer, is an invariant that is satisfied by any two pairs of signed messages.
Security of Blind Signatures Revisited
IACR ePrint, 2011
We revisit the definition of unforgeability of blind signatures as proposed by Pointcheval and Stern (Journal of Cryptology 2000). Surprisingly, we show that this established definition falls short in two ways of what one would intuitively expect from a secure blind signature scheme: It is not excluded that an adversary submits the same message m twice for signing, and then produces a signature for m′ ≠ m. The reason is that the forger only succeeds if all messages are distinct. Moreover, it is not excluded that an adversary performs k signing queries and produces signatures on k + 1 messages as long as each of these signatures does not pass verification with probability 1.