
Journal of Cryptology, Volume 30, Issue 2, pp 470–494

Security of Blind Signatures Revisited

  • Dominique Schröder
  • Dominique Unruh
Article

Abstract

We revisit the security definitions of blind signatures as proposed by Pointcheval and Stern (J Cryptol 13(3):361–396, 2000). Security comprises the notions of one-more unforgeability, which prevents a malicious user from generating more signatures than requested, and of blindness, which prevents a malicious signer from learning useful information about the user's messages. Although this definition is well established nowadays, we show that there are still desirable security properties that fall outside of the model. More precisely, the original unforgeability definition does not exclude that an adversary verifiably uses the same message \(m\) for signing twice and is then still able to produce another signature for a new message \(m'\ne m\). Intuitively, this should not be possible; yet it is not captured in the original definition, because the number of signatures equals the number of requests. We thus propose a stronger notion, called honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that turns any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.
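
The counting gap described in the abstract, as an added example that is not taken from the paper: two win conditions evaluated over constructed game transcripts. The `Session` record, the function names and the simplified honest-user accounting are assumptions drawn from the abstract's wording, not the paper's formal definition; the `VALID` set stands in for a deterministic verification algorithm.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:
    completed: bool                  # signer finished the session (no abort)
    honest_message: Optional[bytes]  # message if an honest user ran it, else None

def valid_messages(outputs, verify):
    """Distinct messages among the adversary's outputs that verify."""
    return {m for m, sig in outputs if verify(m, sig)}

def one_more_win(sessions, outputs, verify):
    """Original notion: more valid distinct messages than completed sessions."""
    k = sum(1 for s in sessions if s.completed)
    return len(valid_messages(outputs, verify)) > k

def honest_user_win(sessions, outputs, verify):
    """Assumed reading of the stronger notion: sessions run by an honest user
    are not part of the adversary's budget, and messages the honest user
    signed do not count as forgeries."""
    honest = {s.honest_message for s in sessions if s.honest_message is not None}
    k = sum(1 for s in sessions if s.completed and s.honest_message is None)
    fresh = valid_messages(outputs, verify) - honest
    return len(fresh) > k

# Constructed stand-in for deterministic verification under a fixed public key.
VALID = {(b"m", "sig_m"), (b"m_prime", "sig_m_prime")}

def verify(message, signature):
    return (message, signature) in VALID

def judge(sessions, outputs):
    return (one_more_win(sessions, outputs, verify),
            honest_user_win(sessions, outputs, verify))

def abstract_scenario():
    # The honest user signs the same message m twice; the adversary ends up
    # with signatures on m and on a new message m' != m.
    sessions = [Session(True, b"m"), Session(True, b"m")]
    return judge(sessions, [(b"m", "sig_m"), (b"m_prime", "sig_m_prime")])

def ordinary_scenario():
    # The adversary runs two sessions itself and outputs two signatures.
    sessions = [Session(True, None), Session(True, None)]
    return judge(sessions, [(b"m", "sig_m"), (b"m_prime", "sig_m_prime")])

def aborted_scenario():
    # One of the adversary's two sessions aborts, yet two signatures appear.
    sessions = [Session(True, None), Session(False, None)]
    return judge(sessions, [(b"m", "sig_m"), (b"m_prime", "sig_m_prime")])
```

In `abstract_scenario` the original predicate reports no break, because two signatures match two requests, while the honest-user predicate flags the signature on the new message.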

Keywords

Blind signatures, Formalization, Aborts, Probabilistic verification

References

  1. M. Abe, A secure three-move blind signature scheme for polynomially many signatures, in Birgit Pfitzmann, editor, Advances in Cryptology—EUROCRYPT 2001, vol. 2045 of Lecture Notes in Computer Science, Innsbruck, Austria, May 6–10 (Springer, Berlin, 2001), pp. 136–151
  2. M. Abe, G. Fuchsbauer, J. Groth, K. Haralambiev, M. Ohkubo, Structure-preserving signatures and commitments to group elements, in Tal Rabin, editor, Advances in Cryptology—CRYPTO 2010, vol. 6223 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 15–19 (Springer, Berlin, 2010), pp. 209–236
  3. M. Abdalla, C. Namprempre, G. Neven, On the (im)possibility of blind message authentication codes, in David Pointcheval, editor, Topics in Cryptology—CT-RSA 2006, vol. 3860 of Lecture Notes in Computer Science, San Jose, CA, USA, February 13–17 (Springer, Berlin, 2006), pp. 262–279
  4. M. Abe, M. Ohkubo, A framework for universally composable non-committing blind signatures, in Mitsuru Matsui, editor, Advances in Cryptology—ASIACRYPT 2009, vol. 5912 of Lecture Notes in Computer Science, Tokyo, Japan, December 6–10 (Springer, Berlin, 2009), pp. 435–450
  5. N. Asokan, V. Shoup, M. Waidner, Optimistic fair exchange of digital signatures (extended abstract), in Kaisa Nyberg, editor, Advances in Cryptology—EUROCRYPT’98, vol. 1403 of Lecture Notes in Computer Science, Espoo, Finland, May 31 – June 4 (Springer, Berlin, 1998), pp. 591–606
  6. R. Bjones, U-prove technology overview. http://www.itforum.dk/downloads/Ronny_Bjones_Uprove.pdf, (2010)
  7. M. Bellare, C. Namprempre, D. Pointcheval, M. Semanko, The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptol., 16(3):185–215 (2003)
  8. A. Boldyreva, Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme, in Yvo Desmedt, editor, PKC 2003: 6th International Workshop on Theory and Practice in Public Key Cryptography, vol. 2567 of Lecture Notes in Computer Science, Miami, USA, January 6–8 (Springer, Berlin, 2003), pp. 31–46
  9. S. Brands, C. Paquin, U-prove cryptographic specification v1.0. http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=26953, March 2011
  10. S.A. Brands, Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy (MIT Press, Cambridge, 2000)
  11. J. Camenisch, T. Groß, Efficient attributes for anonymous credentials, in Peng Ning, Paul F. Syverson, Somesh Jha, editors, ACM CCS 08: 15th Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27–31 (ACM Press, New York, 2008), pp. 345–356
  12. D. Chaum, Blind signatures for untraceable payments, in David Chaum, Ronald L. Rivest, Alan T. Sherman, editors, Advances in Cryptology—CRYPTO’82, Santa Barbara, CA, USA (Plenum Press, New York, 1982), pp. 199–203
  13. D. Chaum, Blind signature system, in David Chaum, editor, Advances in Cryptology—CRYPTO’83, Santa Barbara, CA, USA (Plenum Press, New York, 1983), p. 153
  14. J. Camenisch, M. Koprowski, B. Warinschi, Efficient blind signatures without random oracles, in Carlo Blundo and Stelvio Cimato, editors, SCN 04: 4th International Conference on Security in Communication Networks, vol. 3352 of Lecture Notes in Computer Science, Amalfi, Italy, September 8–10 (Springer, Berlin, 2004), pp. 134–148
  15. J. Camenisch, G. Neven, A. Shelat, Simulatable adaptive oblivious transfer, in Moni Naor, editor, Advances in Cryptology—EUROCRYPT 2007, vol. 4515 of Lecture Notes in Computer Science, Barcelona, Spain, May 20–24 (Springer, Berlin, 2007), pp. 573–590
  16. M. Fischlin, Round-optimal composable blind signatures in the common reference string model, in Cynthia Dwork, editor, Advances in Cryptology—CRYPTO 2006, vol. 4117 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 20–24 (Springer, Berlin, 2006), pp. 60–77
  17. M. Fischlin, D. Schröder, Security of blind signatures under aborts, in Stanislaw Jarecki and Gene Tsudik, editors, PKC 2009: 12th International Conference on Theory and Practice of Public Key Cryptography, vol. 5443 of Lecture Notes in Computer Science, Irvine, CA, USA, March 18–20 (Springer, Berlin, 2009), pp. 297–316
  18. M. Fischlin, D. Schröder, On the impossibility of three-move blind signature schemes, in Henri Gilbert, editor, Advances in Cryptology—EUROCRYPT 2010, vol. 6110 of Lecture Notes in Computer Science, French Riviera, May 30 – June 3 (Springer, Berlin, 2010), pp. 197–215
  19. G. Fuchsbauer, Automorphic signatures in bilinear groups and an application to round-optimal blind signatures. Cryptology ePrint Archive, Report 2009/320, 2009. http://eprint.iacr.org/
  20. S. Garg, D. Gupta, Efficient round optimal blind signatures, in Phong Q. Nguyen and Elisabeth Oswald, editors, Advances in Cryptology—EUROCRYPT 2014, vol. 8441 of Lecture Notes in Computer Science, Copenhagen, Denmark, May 11–15 (Springer, Berlin, 2014), pp. 477–495
  21. J.A. Garay, P.D. MacKenzie, M. Prabhakaran, K. Yang, Resource fairness and composability of cryptographic protocols, in Shai Halevi and Tal Rabin, editors, TCC 2006: 3rd Theory of Cryptography Conference, vol. 3876 of Lecture Notes in Computer Science, New York, NY, USA, March 4–7 (Springer, Berlin, 2006), pp. 404–428
  22. S. Garg, V. Rao, A. Sahai, D. Schröder, D. Unruh, Round optimal blind signatures, in Advances in Cryptology—CRYPTO 2011—31st Annual Cryptology Conference, Santa Barbara, CA, USA, August 14–18, 2011. Proceedings, vol. 6841 of Lecture Notes in Computer Science (Springer, Berlin, 2011), pp. 630–648
  23. E. Ghadafi, N.P. Smart, Efficient two-move blind signatures in the common reference string model. Cryptology ePrint Archive, Report 2010/568, 2010. http://eprint.iacr.org/
  24. O. Goldreich, The Foundations of Cryptography, vol. 2 (Cambridge University Press, New York, NY, 2004)
  25. O. Horvitz, J. Katz, Universally-composable two-party computation in two rounds, in Alfred Menezes, editor, Advances in Cryptology—CRYPTO 2007, vol. 4622 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 19–23 (Springer, Berlin, 2007), pp. 111–129
  26. C. Hazay, J. Katz, C.-Y. Koo, Y. Lindell, Concurrently-secure blind signatures without random oracles or setup assumptions, in Salil P. Vadhan, editor, TCC 2007: 4th Theory of Cryptography Conference, vol. 4392 of Lecture Notes in Computer Science, Amsterdam, The Netherlands, February 21–24 (Springer, Berlin, 2007), pp. 323–341
  27. A. Juels, M. Luby, R. Ostrovsky, Security of blind digital signatures (extended abstract), in Burton S. Kaliski Jr., editor, Advances in Cryptology—CRYPTO’97, vol. 1294 of Lecture Notes in Computer Science, Santa Barbara, CA, USA, August 17–21 (Springer, Berlin, 1997), pp. 150–164
  28. A. Kiayias, H.-S. Zhou, Equivocal blind signatures and adaptive UC-security, in Ran Canetti, editor, TCC 2008: 5th Theory of Cryptography Conference, vol. 4948 of Lecture Notes in Computer Science, San Francisco, CA, USA, March 19–21 (Springer, Berlin, 2008), pp. 340–355
  29. MICROSOFT U-PROVE. Microsoft u-prove ctp release 2. http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=26953, March 2011
  30. T. Okamoto, Efficient blind and partially blind signatures without random oracle, in Shai Halevi and Tal Rabin, editors, TCC 2006: 3rd Theory of Cryptography Conference, vol. 3876 of Lecture Notes in Computer Science, New York, NY, USA, March 4–7 (Springer, Berlin, 2006), pp. 80–99
  31. D. Pointcheval, J. Stern, Security arguments for digital signatures and blind signatures. J. Cryptol., 13(3):361–396 (2000)
  32. M. Rückert, Lattice-based blind signatures, in Masayuki Abe, editor, Advances in Cryptology—ASIACRYPT 2010, vol. 6477 of Lecture Notes in Computer Science, Singapore, December 5–9 (Springer, Berlin, 2010), pp. 413–430
  33. D. Schröder, D. Unruh, Round optimal blind signatures. Cryptology ePrint Archive, Report 2011/264, 2011. http://eprint.iacr.org/

Copyright information

© International Association for Cryptologic Research 2016

Authors and Affiliations

  1. CISPA, Saarland University, Saarbrücken, Germany
  2. University of Tartu, Tartu, Estonia
