Paper 2022/1676
(Concurrently Secure) Blind Schnorr from Schnorr
Abstract
Many applications of blind signatures, such as those for blockchains, require the resulting signatures to be compatible with the existing system. This makes schemes that produce Schnorr signatures, which are now supported by major cryptocurrencies, including Bitcoin, desirable. Unfortunately, the existing blind-signing protocol has been shown insecure when users can open signing sessions concurrently (Eurocrypt'21). On the other hand, only allowing sequential sessions opens the door to denial-of-service attacks. We present the first concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. We cast our scheme as a generalization of blind and partially blind signatures. We formally define the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy.
Metadata
- Available format(s)
-
PDF
- Category
- Public-key cryptography
- Publication info
- Preprint.
- Keywords
- Schnorr signatures (partially) blind signatures concurrent security
- Contact author(s)
-
georg fuchsbauer @ tuwien ac at
mathias wolf @ tuwien ac at - History
- 2022-12-02: approved
- 2022-12-01: received
- See all versions
- Short URL
- https://ia.cr/2022/1676
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/1676, author = {Georg Fuchsbauer and Mathias Wolf}, title = {(Concurrently Secure) Blind Schnorr from Schnorr}, howpublished = {Cryptology ePrint Archive, Paper 2022/1676}, year = {2022}, note = {\url{https://eprint.iacr.org/2022/1676}}, url = {https://eprint.iacr.org/2022/1676} }