Paper 2012/197

On The Security of One-Witness Blind Signature Schemes

Foteini Baldimtsi and Anna Lysyanskaya


Blind signatures have proved an essential building block for applications that protect privacy while ensuring unforgeability, i.e., electronic cash and electronic voting. One of the oldest, and most efficient blind signature schemes is the one due to Schnorr that is based on his famous identification scheme. Although it was proposed over twenty years ago, its unforgeability remains an open problem, even in the random-oracle model. In this paper, we show that current techniques for proving security in the random oracle model do not work for the Schnorr blind signature. Our results generalize to other important blind signatures, such as the one due to Brands. Brands' blind signature is at the heart of Microsoft's newly implemented UProve system, which makes this work relevant to cryptographic practice as well.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
foteini @ cs brown edu
2013-05-22: revised
2012-04-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Foteini Baldimtsi and Anna Lysyanskaya},
      title = {On The Security of One-Witness Blind Signature Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2012/197},
      year = {2012},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.