Blind decoding, blind undeniable signatures, and their applications to privacy protection
A cryptographic concept, blind decoding is discussed: a client has a message encrypted with a server's public key and the client asks the server to decode the message without revealing what is the decoded plaintext nor learning the server's secret key. Blind decoding is a useful tool for protecting user's privacy in on-line shopping over the Internet. The RSA-based blind decoding is easily converted from the similar protocol as the Chaum's blind signature scheme, and a blind decoding protocol for the ElGamal encryption scheme is newly proposed. Moreover, the practical gap between the known RSA-based blind decoding and our ElGamal-based scheme is discussed in the application to protecting copyright matter of electronic documents.
In blind decoding scheme, undetectability of the decrypted message has both negative and positive aspects: a negative aspect is considered as the problem of spotting the oracle and a positive aspect is applicable to making undeniable signatures blind against the signer.
Key wordsBlind decoding undeniable signatures ElGamal encryption privacy protection online shopping digital money
Unable to display preview. Download preview PDF.
- [AFK89]M.Abadi, J.Feigenbaum, and J.Kilian, ”On hiding information from an oracle,” JCSS 39, pp.21–50 (1989).Google Scholar
- [AN95]R.Anderson and R.Needham, ”Robustness principles for public key protocols,” Advances in Cryptology-CRYPTO '95, LNCS 963, pp.236–247 (1995).Google Scholar
- [CBDP91]D. Chaum, J Boyar, I.Damgaard, and T.Pedersen, ”Undeniable signatures: applications and theory,” Technical Report (1991).Google Scholar
- [Cha82]D. Chaum, ”Blind Signatures for untraceable payments,” Advances in Cryptology Proceedings of Crypto '82, pp. 199–203 (1983).Google Scholar
- [CP92]D. Chaum and T. Pedersen, ”Wallet Databeses with Observers,” Advances in Cryptology, CRYPTO'92, pp. 89–105 (1993).Google Scholar
- [CvA89]D. Chaum, H. van Antwerpen, ”Undeniable Signatures,” Advances in Cryptology-CRYPTO '89, pp.212–216 (1990)Google Scholar
- [CPS94]J. L. Carmenisch, J.-M. Piveteau, M. A. Stadler, ”Blind signature schemes based on the discrete logarithm problem”, Proc. of Eurocrypt '94, pp.428–432 (1995).Google Scholar
- [ElG85]T.ElGamal, ”A public key cryptsystem and a signature scheme based on discrete logarithms” IEEE Trans. on IT, 31, pp.469–472 (1985).Google Scholar
- [Kob87a]Neal Koblitz, “Elliptic curve cryptosystems,” Math. Comp., vol. 48, No.177, pp.203–209 (1987).Google Scholar
- [Kob87b]Neal Koblitz, “A Course in Number Theory and Cryptography,” GTM114, Springer-Verlag, New York (1987).Google Scholar
- [Mil85]Victor S. Miller, “Use of elliptic curves in cryptography,” CRYPTO'85, pp.417–426.Google Scholar
- [Mic92]Silvio Micali, ”Fair public key cryptosystems,” Proc. Crypto '92, pp.113-138 (1993).Google Scholar
- [Riv90]Rivest, R. L., “Cryptography,” Chapter 13 of Handbook of Theoretical Computer Science, Vol.A, Algorithms and Complexity, edited by Jan van Leeuwen, The MIT, pp.717–755 (1990).Google Scholar
- [SRA79]A.Shamir, L.Rivest, and L.Adleman, ”Mental Poker,” MIT/LCS, TM-125 (1979)Google Scholar
- [vSN92]S. von Solms and D. Naccache, ”On blind signatures and perfect crimes,” Computers and Security. Vol.11, No.6.Google Scholar