Paper 2022/1676
Concurrently Secure Blind Schnorr Signatures
Abstract
Many applications of blind signatures, e.g. in blockchains, require compatibility of the resulting signatures with the existing system. This makes blind issuing of Schnorr signatures (now being standardized and supported by major cryptocurrencies) desirable. Concurrent security of the signing protocol is required to thwart denial-of-service attacks. We present a concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. Our protocol is the first to be compatible with standard Schnorr implementations over 256-bit elliptic curves. We cast our scheme as a generalization of blind and partially blind signatures: we introduce the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy. We provide implementations and benchmarks for various choices of primitives and scenarios, such as blindly signing Bitcoin transactions only when they meet certain conditions specified by the signer.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- A major revision of an IACR publication in EUROCRYPT 2024
- Keywords
- Schnorr signatures(partially) blind signaturesconcurrent securityimplementationBitcoin
- Contact author(s)
-
georg fuchsbauer @ tuwien ac at
mathias wolf @ tuwien ac at - History
- 2024-06-05: last of 2 revisions
- 2022-12-01: received
- See all versions
- Short URL
- https://ia.cr/2022/1676
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1676, author = {Georg Fuchsbauer and Mathias Wolf}, title = {Concurrently Secure Blind Schnorr Signatures}, howpublished = {Cryptology {ePrint} Archive, Paper 2022/1676}, year = {2022}, url = {https://eprint.iacr.org/2022/1676} }