Provably secure blind signature schemes

  • David Pointcheval
  • Jacques Stern
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1163)

Abstract

In this paper, we give a provably secure design for blind signatures, the most important ingredient for anonymity in off-line electronic cash systems. Previous examples of blind signature schemes were constructed from traditional signature schemes with only the additional proof of blindness. The design of some of the underlying signature schemes can be validated by a proof in the so-called random oracle model, but the security of the original signature scheme does not, by itself, imply the security of the blind version. In this paper, we first propose a definition of security for blind signatures, with application to electronic cash. Next, we focus on a specific example which can be successfully transformed into a provably secure blind signature scheme.



Copyright information

© Springer-Verlag 1996

Authors and Affiliations

  • David Pointcheval (1)
  • Jacques Stern (1)
  1. École Normale Supérieure, Laboratoire d'Informatique, Paris Cedex 05
