Cryptology ePrint Archive: Report 2012/197

On The Security of One-Witness Blind Signature Schemes

Foteini Baldimtsi and Anna Lysyanskaya

Abstract: Blind signatures have proved an essential building block for applications that protect privacy while ensuring unforgeability, i.e., electronic cash and electronic voting. One of the oldest, and most ecient blind signature schemes is the one due to Schnorr that is based on his famous identication scheme. Although it was proposed over twenty years ago, its unforgeability remains an open problem, even in the random-oracle model. In this paper, we show that current techniques for proving security in the random oracle model do not work for the Schnorr blind signature. Our results generalize to other important blind signatures, such as the one due to Brands. Brands' blind signature is at the heart of Microsoft's newly implemented UProve system, which makes this work relevant to cryptographic practice as well.

Category / Keywords:

Date: received 11 Apr 2012, last revised 21 May 2013

Contact author: foteini at cs brown edu

Available format(s): PDF | BibTeX Citation

Version: 20130522:031507 (All versions of this report)

Short URL: ia.cr/2012/197

Discussion forum: Show discussion | Start new discussion