Security of Blind Signatures Revisited

  • Dominique Schröder
  • Dominique Unruh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7293)

Abstract

We revisit the definition of unforgeability of blind signatures as proposed by Pointcheval and Stern (Journal of Cryptology 2000). Surprisingly, we show that this established definition falls short in two ways of what one would intuitively expect from a secure blind signature scheme: It is not excluded that an adversary submits the same message m twice for signing, and then produces a signature for m′ ≠ m. The reason is that the forger only succeeds if all messages are distinct. Moreover, it is not excluded that an adversary performs k signing queries and produces signatures on k + 1 messages as long as each of these signatures does not pass verification with probability 1.

Finally, we propose a new definition, honest-user unforgeability, that covers these attacks. We give a simple and efficient transformation that transforms any unforgeable blind signature scheme (with deterministic verification) into an honest-user unforgeable one.

References

  1. 1.
    Abdalla, M., Namprempre, C., Neven, G.: On the (Im)possibility of Blind Message Authentication Codes. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 262–279. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Abe, M.: A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-Preserving Signatures and Commitments to Group Elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010)Google Scholar
  4. 4.
    Abe, M., Ohkubo, M.: A Framework for Universally Composable Non-committing Blind Signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 435–450. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. Journal of Cryptology 16(3), 185–215 (2003)MathSciNetMATHCrossRefGoogle Scholar
  6. 6.
    Bjones, R.: U-prove technology overview (October 2010), http://www.itforum.dk/downloads/Ronny_Bjones_Uprove.pdf
  7. 7.
    Boldyreva, A.: Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Brands, S., Paquin, C.: U-prove cryptographic specification v1.0 (March 2011), http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=26953
  9. 9.
    Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  10. 10.
    Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008: 15th Conference on Computer and Communications Security, Alexandria, Virginia, USA, October 27-31, pp. 345–356. ACM Press (2008)Google Scholar
  11. 11.
    Camenisch, J., Koprowski, M., Warinschi, B.: Efficient Blind Signatures Without Random Oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology – CRYPTO 1982, Santa Barbara, CA, USA, pp. 199–203. Plenum Press, New York (1983)Google Scholar
  13. 13.
    Chaum, D.: Blind signature system. In: Chaum, D. (ed.) Advances in Cryptology – CRYPTO 1983, Santa Barbara, CA, USA, p. 153. Plenum Press, New York (1984)Google Scholar
  14. 14.
    Fischlin, M.: Round-Optimal Composable Blind Signatures in the Common Reference String Model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60–77. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Fischlin, M., Schröder, D.: Security of Blind Signatures under Aborts. In: Jarecki, S., Tsudik, G. (eds.) PKC 2009. LNCS, vol. 5443, pp. 297–316. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  16. 16.
    Fischlin, M., Schröder, D.: On the Impossibility of Three-Move Blind Signature Schemes. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 197–215. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Fuchsbauer, G.: Automorphic signatures in bilinear groups and an application to round-optimal blind signatures. Cryptology ePrint Archive, Report 2009/320 (2009), http://eprint.iacr.org/
  18. 18.
    Garg, S., Rao, V., Sahai, A., Schröder, D., Unruh, D.: Round Optimal Blind Signatures. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 630–648. Springer, Heidelberg (2011)Google Scholar
  19. 19.
    Ghadafi, E., Smart, N.P.: Efficient two-move blind signatures in the common reference string model. Cryptology ePrint Archive, Report 2010/568 (2010), http://eprint.iacr.org/
  20. 20.
    Hazay, C., Katz, J., Koo, C.-Y., Lindell, Y.: Concurrently-Secure Blind Signatures Without Random Oracles or Setup Assumptions. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 323–341. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Horvitz, O., Katz, J.: Universally-Composable Two-Party Computation in Two Rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Juels, A., Luby, M., Ostrovsky, R.: Security of Blind Digital Signatures (Extended Abstract). In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)Google Scholar
  23. 23.
    Kiayias, A., Zhou, H.-S.: Equivocal Blind Signatures and Adaptive UC-Security. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 340–355. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. 24.
    Okamoto, T.: Efficient Blind and Partially Blind Signatures Without Random Oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  25. 25.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)MATHCrossRefGoogle Scholar
  26. 26.
    Rückert, M.: Lattice-Based Blind Signatures. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 413–430. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Schröder, D., Unruh, D.: Round optimal blind signatures. Cryptology ePrint Archive, Report 2011/264 (2011), http://eprint.iacr.org/
  28. 28.
    Schröder, D., Unruh, D.: Security of blind signatures revisited. Cryptology ePrint Archive, Report 2011/316 (2011), http://eprint.iacr.org/
  29. 29.
    MICROSOFT U-PROVE. Microsoft u-prove ctp release 2 (March 2011), http://connect.microsoft.com/site642/Downloads/DownloadDetails.aspx?DownloadID=26953

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Dominique Schröder
    • 1
  • Dominique Unruh
    • 2
  1. 1.University of MarylandUSA
  2. 2.University of TartuEstonia

Personalised recommendations