In this work, we provide an affirmative answer to this problem and construct the first round-optimal blind signature scheme in the plain model from standard polynomial-time assumptions. Our construction is based on various standard cryptographic primitives and also on new primitives that we introduce in this work, all of which are instantiable from classical and post-quantum standard polynomial-time assumptions. The main building block of our scheme is a new primitive called a blind-signature-conforming zero-knowledge (ZK) argument system. The distinguishing feature is that the ZK property holds by using a quantum polynomial-time simulator against non-uniform classical polynomial-time adversaries. Syntactically one can view this as a delayed-input three-move ZK argument with a reusable first message, and we believe it would be of independent interest.
Category / Keywords: foundations / blind signature, zero knowledge Original Publication (with major differences): IACR-EUROCRYPT-2021 Date: received 8 Mar 2021 Contact author: ryo nishimaki zk at hco ntt co jp,shuichi katsumata@aist go jp,takashi yamakawa ga@hco ntt co jp,yamada-shota@aist go jp Available format(s): PDF | BibTeX Citation Version: 20210309:134917 (All versions of this report) Short URL: ia.cr/2021/306