Paper 2011/316

Security of Blind Signatures Revisited

Dominique Schröder and Dominique Unruh

Abstract

We revisit the definition of unforgeability of blind signatures as proposed by Pointcheval and Stern (Journal of Cryptology 2000). Surprisingly, we show that this established definition falls short in two ways of what one would intuitively expect from a secure blind signature scheme: It is not excluded that an adversary submits the same message $m$ twice for signing, and then produces a signature for $m'\neq m$. The reason is that the forger only succeeds if \emph{all} messages are distinct. Moreover, it is not excluded that an adversary performs $k$ signing queries and produces signatures on $k+1$ messages as long as \emph{each} of these signatures does not pass verification with probability~$1$. Finally, we proposed a new definition, honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that transforms any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
blind signaturesdefinitions
Contact author(s)
schroeder @ me com
History
2011-06-17: received
Short URL
https://ia.cr/2011/316
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/316,
      author = {Dominique Schröder and Dominique Unruh},
      title = {Security of Blind Signatures Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2011/316},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/316}},
      url = {https://eprint.iacr.org/2011/316}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.