Strengthened security for blind signatures

  • David Pointcheval
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


Provable security is a very nice property for cryptographic protocols. Unfortunately, in many cases, this is at the cost of a considerable loss in terms of efficiency. More recently, a new approach to achieve some kind of provable security was explored using the so-called “random oracle model”.

Last year, Stern and the author studied the security of blind signatures in this model. We first defined appropriate notions of security for electronic cash purpose, then, we proposed the first efficient and provably secure schemes. Unfortunately, even if our proof prevents a user from spending more coins than he had withdrawn, this is only if the number of withdrawn coins is poly-logarithmically bounded.

In this paper, we propose a generic transformation of those schemes which extends the security even after polynomially many withdrawals. Moreover, this transformation keeps the scheme efficient and so can be used in a secure and efficient anonymous off-line electronic cash system.


Hash Function Smart Card Signature Scheme Random Oracle Blind Signature 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    M. Bellare and S. Micali. How To Sign Given Any Trapdoor Function. In Crypto '88, LNCS 403, pages 200–215. Springer-Verlag, 1989.Google Scholar
  2. [2]
    M. Bellare and P. Rogaway. Random Oracles are Practical: a paradigm for designing efficient protocols. In Proc. of the 1st CCCS, pages 62–73. ACM press, 1993.Google Scholar
  3. [3]
    M. Bellare and P. Rogaway. The Exact Security of Digital Signatures — How to Sign with RSA and Rabin. In Eurocrypt '96, LNCS 1070, pages 399–416. Springer-Verlag, 1996.Google Scholar
  4. [4]
    S. A. Brands. Untraceable Off-line Cash in Wallets with Observers. In Crypto '93, LNCS 773, pages 302–318. Springer-Verlag, 1994.Google Scholar
  5. [5]
    J. Camenisch, U. Maurer, and M. Stadler. Digital Payment Systems with Passive Anonymity-Revoking Trustees. In ESORICS '96, LNCS 1146. Springer-Verlag, 1996.Google Scholar
  6. [6]
    D. Chaum. Blind Signatures for Untraceable Payments. In Crypto '82, pages 199–203. Plenum, NY, 1983.Google Scholar
  7. [7]
    D. Chaum, I. B. Damgård, and J. van de Graaf. Multiparty Computations ensuring Privacy of each Party's Input and Correctness of the Result. In Crypto '87, LNCS 293. Springer-Verlag, 1988.Google Scholar
  8. [8]
    I. B. Damgård. Payment Sytems and Credential Mechanisms with Provable Security against Abuse by Individuals. In Crypto '88, LNCS 403, pages 328–335. Springer-Verlag, 1989.Google Scholar
  9. [9]
    W. Diffie and M. E. Hellman. New Directions in Cryptography. In IEEE Transactions on Information Theory, volume IT-22, no. 6, pages 644–654, November 1976.MathSciNetCrossRefGoogle Scholar
  10. [10]
    A. Fiat and A. Shamir. How to Prove Yourself: practical solutions of identification and signature problems. In Crypto '86, LNCS 263, pages 186–194. Springer-Verlag, 1987.Google Scholar
  11. [11]
    Y. Frankel, Y. Tsiounis, and M. Yung. “Indirect Disclosure Proof”: Achieving Efficient Fair Off-Line E-Cash. In Asiacrypt '96, LNCS 1163, pages 286–300. Springer-Verlag, 1996.Google Scholar
  12. [12]
    M. R. Garey and D. S. Johnson. Computers and Intractability, A Guide to the Theory of NP-Completeness. Freeman, New-York, 1979.Google Scholar
  13. [13]
    O. Goldreich, S. Micali, and A. Wigderson. How to Play any Mental Game. In Proc. of the 19th STOC, pages 218–229. ACM Press, 1987.Google Scholar
  14. [14]
    S. Goldwasser, S. Micali, and R. Rivest. A Digital Signature Scheme Secure Against Adaptative Chosen-Message Attacks. SIAM journal of computing, 17(2):281–308, April 1988.zbMATHMathSciNetCrossRefGoogle Scholar
  15. [15]
    M. Jakobsson and M. Yung. Revokable and Versatile Electronic Money. In Proc. of the 3rd CCCS, pages 76–87. ACM press, 1996.Google Scholar
  16. [16]
    A. Juels, M. Luby, and R. Ostrovsky. Security of Blind Digital Signatures. In Crypto '97, LNCS 1294, pages 150–164. Springer-Verlag, 1997.Google Scholar
  17. [17]
    M. Naor and M. Yung. Universal One-Way Hash Functions and their Cryptographic Applications. In Proc. of the 21st STOC, pages 33–43. ACM Press, 1989.Google Scholar
  18. [18]
    National Bureau of Standard U.S. Data Encryption Standard, 1977.Google Scholar
  19. [19]
    NIST. Secure Hash Standard (SHS). Federal Information Processing Standards PUBlication 180-1, April 1995.Google Scholar
  20. [20]
    T. Okamoto. Provably Secure and Practical Identification Schemes and Corresponding Signature Schemes. In Crypto '92, LNCS 740, pages 31–53. Springer-Verlag, 1992.Google Scholar
  21. [21]
    B. Pfitzmann and M. Waidner. How to Break and Repair a “Provably Secure” Untraceable Payment System. In Crypto '91, LNCS 576, pages 338–350. Springer-Verlag, 1992.Google Scholar
  22. [22]
    D. Pointcheval. Les Preuves de Connaissance et leurs Preuves de Sécurité. PhD thesis, Université de Caen, December 1996.Google Scholar
  23. [23]
    D. Pointcheval and J. Stern. Provably Secure Blind Signature Schemes. In Asiacrypt '96, LNCS 1163, pages 252–265. Springer-Verlag, 1996.Google Scholar
  24. [24]
    D. Pointcheval and J. Stern. Security Proofs for Signature Schemes. In Eurocrypt '96, LNCS 1070, pages 387–398. Springer-Verlag, 1996.Google Scholar
  25. [25]
    D. Pointcheval and J. Stern. New Blind Signatures Equivalent to Factorization. In Proc. of the 4th CCCS, pages 92–99. ACM press, 1997.Google Scholar
  26. [26]
    R. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public Key Cryptosystems. Communications of the ACM, 21(2):120–126, February 1978.zbMATHMathSciNetCrossRefGoogle Scholar
  27. [27]
    C. P. Schnorr. Efficient Identification and Signatures for Smart Cards. In Crypto '89, LNCS 435, pages 235–251. Springer-Verlag, 1990.Google Scholar
  28. [28]
    C. P. Schnorr. Efficient Signature Generation by Smart Cards. Journal of Cryptology, 4(3):161–174, 1991.zbMATHMathSciNetCrossRefGoogle Scholar
  29. [29]
    S. von Solms and D. Naccache. On Blind Signatures and Perfect Crimes. Computers & Security, 11:581–583, 1992.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • David Pointcheval
    • 1
    • 2
  1. 1.GREYC, Département d'InformatiqueUniversité de CaenCaen CedexFrance
  2. 2.LIENSécole Normale SupérieureParis Cedex 05France

Personalised recommendations