gnunet-svn
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[donau] branch master updated: slightly more formal definition of blind


From: gnunet
Subject: [donau] branch master updated: slightly more formal definition of blind signatures
Date: Tue, 21 Jan 2025 16:49:41 +0100

This is an automated email from the git hooks/post-receive script.

jonathan-levin pushed a commit to branch master
in repository donau.

The following commit(s) were added to refs/heads/master by this push:
     new 0301845  slightly more formal definition of blind signatures
0301845 is described below

commit 03018458bdfdc2aed5a9109e2e7582044fa10fcc
Author: Jonathan <ondesmartenot@riseup.net>
AuthorDate: Tue Jan 21 23:49:19 2025 +0800

    slightly more formal definition of blind signatures
---
 doc/usenix-security-2025/paper/technicaldesign.tex | 58 ++++++++++++----------
 1 file changed, 32 insertions(+), 26 deletions(-)

diff --git a/doc/usenix-security-2025/paper/technicaldesign.tex 
b/doc/usenix-security-2025/paper/technicaldesign.tex
index bf14ef6..fc382be 100644
--- a/doc/usenix-security-2025/paper/technicaldesign.tex
+++ b/doc/usenix-security-2025/paper/technicaldesign.tex
@@ -36,8 +36,11 @@ some cryptographic background followed by the setup and 
usage.
 % Concepts from cryptography are also explained when necessary.
 %
  \subsection{Background \& Terminology}\label{notation_and_definitions}
- This section gives an informal introduction to some concepts from cryptography
-which are used later in the report.
+ Digital cash makes use of \textbf{blind signatures} to issue 
tokens~\cite{Chaum89}. Our
+ design uses the same mechansim to unlink the donation process from the issued
+ donation receipts, thus preserving the anonymity properties of the digital
+ cash used to make a donation.  This section introduces the definition and
+ security properties of blind signatures.
 
 %    \paragraph{Cryptographic Hash Function}
 %      A cryptographic hash function $H$ is a function that takes as input an 
arbitrarily
@@ -75,33 +78,36 @@ which are used later in the report.
 %      nobody can generate a signature that verifies for some message under a
 % public key if they do not have access to the matching private key.
 
-   \paragraph{Blind Signature}
-
-     A \textbf{blind signature} is a type of digital signature where the
-signing party signs a so-called blinded message. The party requesting the 
signature
-hides the true message with a {\bf blinding factor}, which only they know.
-Signature schemes that support blind signatures are constructed in such a way
-that one can compute a signature that is valid on the original (not blinded)
-message from the blind signature and the blinding factor.
-Requirements on the blind signature scheme are that the
-signer does not learn anything about the message they are signing and cannot
-link the unblinded signature to the blind one they signed.
-
-     The {\bf blinding} operation requires the message $m$ to blind, the
-blinding factor $b$ and the public key $K_x^{\pub}$ of the party issuing the
-blind signature, written as $\overline{m} = \blind(m, b, K_x^{\pub})$.
-We write the {\bf unblinding} operation as
-$\beta = \unblind(\overline{\beta}, b, K_x^{\pub})$,
-where $\overline{\beta}$ is the value to unblind, $b$ the blinding factor to
-apply and $K_x^{\pub}$ the public key that was used for signing.
-
+   \paragraph{Blind signatures}
+   Informally, a blind signature is a digital signature where the signer does
+   not know the message that they are signing.  The party requesting the
+   signature hides the true message with a secret value called a {\bf blinding
+     factor}, which can later be used to derive a valid signature on the
+   original, unblinded message.
+
+   Like standard digital signature schemes, blind signature schemes should
+   achieve \textbf{unforgeability} --- the property that users without the
+   secret signing key should be unable to generate new, valid
+   signatures. Unlike standard digital signatures, blind signatures must also
+   achieve \textbf{blindness} --- the property that curious signers should
+   never be able to link previously issued blind signatures with their
+   unblinded counterparts.
+
+   \begin{definition}{Blind Signature}
+
+   \textrm{Slightly more formally, we define blind signatures as a quadruple 
of algorithms:}
+   \begin{itemize}
+     \item $ KeyGen(1^\lambda)$: Generates a verification/signing key pair 
$(K^{\pub}, K^{\priv})$.
+     \item $Blind(m,  b, K_x^{\pub})$: Takes a message $m$, blinding factor 
$b$, and verification key $K_x^{\pub}$ of the signer $X$ and computes the 
blinded message $\overline{m}$.
+     \item $BlindSign(K_x^{\priv}, \overline{m})$: Takes secret signing key 
$K_x^{\priv}$ and blinded message $\overline{m}$ and computes the blind 
signature $\overline{\sigma}$.
+     \item $Unblind(\overline{\sigma}, b, K_x^{\pub})$: Takes blind signature 
$\overline{\sigma}$, blinding factor $b$ and verification key $K_x^{\pub}$ of 
the signer $X$, and returns the unblinded signature $\sigma$ (or $\bot$).
+   \end{itemize}
+   \end{definition}
 
 \subsection{Key generation and initial 
setup}\label{key_generation_and_initial_setup}
 
-Digital cash makes use of blind signatures to issue
-tokens~\cite{Chaum89}. Our design uses the same mechansim to unlink the
-donation process from the issued donation receipts, thus preserving
-the anonymity properties of the digital cash used to make a donation.
+Before incognito donations to charities can be executed, all parties (Donau,
+charities, and donors) must perform an initial setup.
 
 \subsubsection{Donau key generation}\label{donau_key_generation}
 \begin{enumerate}

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]