gnunet-svn

[donau] 04/10: adding example for blind signatures, wording


From: gnunet
Subject: [donau] 04/10: adding example for blind signatures, wording
Date: Thu, 23 Jan 2025 00:25:04 +0100

This is an automated email from the git hooks/post-receive script.

tanja-lange pushed a commit to branch master
in repository donau.

commit 918f7f9c4c83e7a790a0b5d6302776b5e7850556
Author: Tanja Lange <tanja@hyperelliptic.org>
AuthorDate: Wed Jan 22 22:18:59 2025 +0100

    adding example for blind signatures, wording
---
 doc/usenix-security-2025/paper/technicaldesign.tex | 26 +++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/doc/usenix-security-2025/paper/technicaldesign.tex 
b/doc/usenix-security-2025/paper/technicaldesign.tex
index 15af2d5..4b9912c 100644
--- a/doc/usenix-security-2025/paper/technicaldesign.tex
+++ b/doc/usenix-security-2025/paper/technicaldesign.tex
@@ -100,6 +100,21 @@ some cryptographic background followed by the setup and 
usage.
      \item $Unblind(\overline{\sigma}, b, K^{\pub})$: Takes blind signature 
$\overline{\sigma}$, blinding factor $b$ and verification key $K^{\pub}$ of the 
signer, and returns the unblinded signature $\sigma$ on message $m$ (or $\bot$).
    \end{itemize}
 
+It should be impossible for the signer to infer information about the message
+they sign and it should be impossible for them to trace their signature later,
+see Hoepman's recent paper~\cite{2023/hoepman} highlighting that these are two
+separate requirements.
+
+The most well-known blind signature scheme, going back to Chaum's original
+work~\cite{Chaum89}, is based on RSA. A signature on message $m$ under RSA key
+public key $(n,e)$ is $s\equiv m^d \bmod n$, where $(n,d)$ is the corresponding
+private key. Instead of asking for a signature on $m$ one can request a
+signature on the blinded value $m'\equiv m\cdot r^e \bmod n$ for some randomly
+chosen $r$, receive the blind signature $s'$, and obtain the signature on $m$
+by unblinding $s'$ by computing $s'/r \bmod n$.
+
+
+
 \subsection{Key generation and initial 
setup}\label{key_generation_and_initial_setup}
 
 Before incognito donations to charities can be executed, all participants in
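Review bot: In the added RSA paragraph, "for some randomly chosen $r$" omits the condition the last step depends on: unblinding computes $s'/r \bmod n$, so $r$ must be invertible modulo $n$. Suggest "randomly chosen $r$ coprime to $n$". The same paragraph has a duplicated word in "under RSA key public key $(n,e)$". It also names the values $s$, $s'$, $r$, while the Unblind item directly above uses $\sigma$, $\overline{\sigma}$, $b$; a half sentence mapping $r$ to $b$ and $s'$ to $\overline{\sigma}$ would tie the example to the interface. The three blank lines added before \subsection can be reduced to one.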
@@ -132,18 +147,19 @@ $C^{\pub}$ is registered in the Donau database.
 
 \subsubsection{Donor Identifier generation}
 
-A donor uses their Donor Identifier every time they
-make a donation and again when requesting a donation receipt from the Donau.
-
 Each donor generates a personal \textbf{Donor Identifier} $\DI$ by
 computing a salted hash of their taxpayer ID
 \begin{align*}
   \DI = H(\texttt{TAXID}, S)
 \end{align*}
-where $S$ is a random salt with sufficient entropy to
-prevent guessing attacks and {\tt TAXID} is their taxpayer ID.
+where $H$ is a cryptographic hash function and
+$S$ is a random salt with sufficient entropy to
+prevent guessing attacks, and {\tt TAXID} is their taxpayer ID.
 The donor stores the salt $S$ along with their $\DI$.
 
+A donor uses their Donor Identifier every time they
+make a donation and again when requesting a donation receipt from the Donau.
+
 They need to use the salt to link the Donation Identifier to their tax
 ID and claim the tax benefits for their donation. The use of the salt
 ensures that the $\DI$ cannot be linked to the donor by anybody
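Review bot: Moving "A donor uses their Donor Identifier every time they make a donation ..." to after "The donor stores the salt $S$ along with their $\DI$." places it between that sentence and "They need to use the salt to link ...", so the reason for storing the salt is now separated from the storing step by a paragraph that does not mention the salt. Consider placing the moved paragraph after the salt explanation, or keeping the two salt sentences together. In the rewritten "where" clause, "where $H$ is ... and $S$ is ..., and {\tt TAXID} is ..." chains two "and"s; a plain comma list reads better. The following context line says "Donation Identifier" while this subsection defines the "Donor Identifier", which is worth aligning while this paragraph is being touched.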

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


