Paper 2022/895
Security Analysis of RSA-BSSA
Abstract
A blind signature scheme is a digital signature scheme that allows the signature recipient to obtain a digital signature on a message of her choice without revealing anything about the message or the resulting signature to the signer. Blind signature schemes have recently found applications for privacy-preserving web browsing and ad ecosystems, and as such, are ripe for standardization. Recently, Denis, Jacobs and Wood [18, 17] submitted an IETF draft for a standard for a blind version of RSA-PSS. Here, we show that this proposed standard constitutes a one-more unforgeable blind signature scheme in the random-oracle model under the one-more-RSA assumption. Further, we show that the blind version of RSA-FDH proposed and analyzed by Bellare, Namprempre, Pointcheval and Semanko does not satisfy blindness when the public key (N,e) is chosen maliciously, but satisfies a weaker notion of a blind token.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Blind signatures
- Contact author(s)
- anna_lysyanskaya @ brown edu
- History
- 2022-07-08: approved
- 2022-07-08: received
- See all versions
- Short URL
- https://ia.cr/2022/895
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2022/895, author = {Anna Lysyanskaya}, title = {Security Analysis of RSA-BSSA}, howpublished = {Cryptology ePrint Archive, Paper 2022/895}, year = {2022}, note = {\url{https://eprint.iacr.org/2022/895}}, url = {https://eprint.iacr.org/2022/895} }