Efficient Blind Signatures Without Random Oracles

  • Jan Camenisch
  • Maciej Koprowski
  • Bodgan Warinschi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3352)


The only known blind signature scheme that is secure in the standard model [19] is based on general results about multi-party computation, and thus it is extremely inefficient. The main result of this paper is the first provably secure blind signature scheme which is also efficient. We develop our construction as follows. In the first step, which is a significant result on its own, we devise and prove the security of a new variant for the Cramer-Shoup-Fischlin signature scheme. We are able to show that for generating signatures, instead of using randomly chosen prime exponents one can securely use randomly chosen odd integer exponents which significantly simplifies the signature generating process. We obtain our blind signing function as a secure and efficient two-party computation that cleverly exploits its algebraic properties and those of the Paillier encryption scheme. The security of the resulting signing protocol relies on the Strong RSA assumption and the hardness of decisional composite residuosity; we stress that it does not rely on the existence of random oracles.


Signature Scheme Random Oracle Blind Signature Commitment Scheme Blind Signature Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bellare, M., Boldyreva, A., Palacio, A.: An un-instantiable random-oracle-model scheme for a hybrid-encryption problem. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 171–188. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS, pp. 62–73 (1993)Google Scholar
  3. 3.
    Camenisch, J., Michels, M.: Proving in zero-knowledge that a number n is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, p. 107. Springer, Heidelberg (1999)Google Scholar
  4. 4.
    Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)Google Scholar
  5. 5.
    Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: Proceedings of the 13th Annual ACM STOC, pp. 209–218 (1998)Google Scholar
  6. 6.
    Chaum, D.: Blind signatures for untraceable payments. In: Advances in Cryptology — Proceedings of CRYPTO 1982, pp. 199–203. Plenum Press, New York (1983)Google Scholar
  7. 7.
    Chaum, D.: Blind signature systems. In: Advances in Cryptology — CRYPTO 1983, p. 153. Plenum Press, New York (1984)Google Scholar
  8. 8.
    Cramer, R.: Modular Design of Secure yet Practical Cryptographic Protocol. PhD thesis, University of Amsterdam (1997)Google Scholar
  9. 9.
    Damgård, I.: Efficient concurrent zero-knowledge in the auxiliary string model. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 418. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  10. 10.
    Damgård, I., Fujisaki, E.: A statistically-hiding integer commitment scheme based on groups with hidden order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    de Bruijn, N.: On the number of positive integers ≤ x and free of prime factors > y. Nederl. Akad. Wetensch. Proceedings 53, 813–821 (1950)zbMATHGoogle Scholar
  12. 12.
    Dickman, K.: On the frequency of numbers containing prime factors of a certain relative magnitude. Arkiv för Matematik, Astronomi och Fysik 22A(10) (1930)Google Scholar
  13. 13.
    Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: Proceedings of the 30th Annual STOC, Dallas, TX, pp. 409–418. ACM Press, New York (1998)Google Scholar
  14. 14.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solution to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)Google Scholar
  15. 15.
    Fischlin, M.: The Cramer-Shoup Strong-RSA signature scheme revisited. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 116–129. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Fujiski, E., Okamoto, T.: Statistical zero-knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)Google Scholar
  17. 17.
    Goldwasser, S., Tauman, Y.: On the (in)security of the Fiat-Shamir transform. In: Proceedings of Foundations of Computer Science (2003)Google Scholar
  18. 18.
    Hildebrand, A.: On the number of positive integers ≤ x and free of prime factors > y. Journal of Number Theory 22, 289–307 (1986)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997)Google Scholar
  20. 20.
    Knuth, D.E., Pardo, L.T.: Analysis of a simple factorization algorithm. Theoretical Computer Science 3(3), 321–348 (1976)CrossRefMathSciNetGoogle Scholar
  21. 21.
    MacKenzie, P., Reiter, M.K.: Two-party generation of DSA signatures. International Journal of Information Security 2(3) (2004)Google Scholar
  22. 22.
    Nielsen, J.B.: Separating random oracle proofs from complexity theoretic proofs: The non-committing encryption case. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 111. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  23. 23.
    Paillier, P.: Public-key cryptosystem based on composite degree residuosity classes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 223–238. Springer, Heidelberg (1999)Google Scholar
  24. 24.
    Pointcheval, D., Stern, J.: Provably secure blind signature schemes. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, Springer, Heidelberg (1996)Google Scholar
  25. 25.
    Pointcheval, D., Stern, J.: New blind signatures equivalent to factorization. In: ACM CCS, pp. 92–99. ACM Press, New York (1997)CrossRefGoogle Scholar
  26. 26.
    Pointcheval, D., Stern, J.: Security arguments for digital signatures and blind signatures. Journal of Cryptology 13(3), 361–396 (2000)zbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Jan Camenisch
    • 1
  • Maciej Koprowski
    • 2
  • Bodgan Warinschi
    • 3
  1. 1.Zurich Research LaboratoryIBM ResearchRüschlikon
  2. 2.Intel Technology PolandGdansk
  3. 3.Computer Science Dept.UC Santa CruzSanta CruzUSA

Personalised recommendations