Paper 2022/1676

Concurrently Secure Blind Schnorr Signatures

Georg Fuchsbauer, TU Wien
Mathias Wolf, TU Wien
Abstract

Many applications of blind signatures (notably in blockchains) require the resulting signatures to be compatible with the existing system. This makes schemes that produce Schnorr signatures (now being standardized and supported by major cryptocurrencies like Bitcoin) desirable. Unfortunately, the existing blind-signing protocol has been shown insecure when users can open signing sessions concurrently (Eurocrypt'21). On the other hand, only allowing sequential sessions opens the door to denial-of-service attacks. We present the first practical, concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. We cast our scheme as a generalization of blind and partially blind signatures: we introduce the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy. We provide proof-of-concept implementations and benchmarks for various choices of primitives and scenarios, including blindly signing Bitcoin transactions conditioned on certain properties.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
Schnorr signatures, (partially) blind signatures, concurrent security, implementation, Bitcoin
Contact author(s)
georg fuchsbauer @ tuwien ac at
mathias wolf @ tuwien ac at
History
2023-04-23: revised
2022-12-01: received
Short URL
https://ia.cr/2022/1676
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1676,
      author = {Georg Fuchsbauer and Mathias Wolf},
      title = {Concurrently Secure Blind Schnorr Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1676},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1676}},
      url = {https://eprint.iacr.org/2022/1676}
}