Paper 2022/1676

Concurrently Secure Blind Schnorr Signatures

Georg Fuchsbauer, TU Wien
Mathias Wolf, TU Wien
Abstract

Many applications of blind signatures, e.g. in blockchains, require compatibility of the resulting signatures with the existing system. This makes blind issuing of Schnorr signatures (now being standardized and supported by major cryptocurrencies) desirable. Concurrent security of the signing protocol is required to thwart denial-of-service attacks. We present a concurrently secure blind-signing protocol for Schnorr signatures, using the standard primitives NIZK and PKE and assuming that Schnorr signatures themselves are unforgeable. Our protocol is the first to be compatible with standard Schnorr implementations over 256-bit elliptic curves. We cast our scheme as a generalization of blind and partially blind signatures: we introduce the notion of predicate blind signatures, in which the signer can define a predicate that the blindly signed message must satisfy. We provide implementations and benchmarks for various choices of primitives and scenarios, such as blindly signing Bitcoin transactions only when they meet certain conditions specified by the signer.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2024
Keywords
Schnorr signatures(partially) blind signaturesconcurrent securityimplementationBitcoin
Contact author(s)
georg fuchsbauer @ tuwien ac at
mathias wolf @ tuwien ac at
History
2024-06-05: last of 2 revisions
2022-12-01: received
See all versions
Short URL
https://ia.cr/2022/1676
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/1676,
      author = {Georg Fuchsbauer and Mathias Wolf},
      title = {Concurrently Secure Blind Schnorr Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1676},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1676}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.