Paper 2023/1199

RSA Blind Signatures with Public Metadata

Ghous Amjad, Google (United States)
Kevin Yeo, Google (United States)
Moti Yung, Google (United States)

Anonymous tokens are digital signature schemes that enable an issuer to provider users with signatures without learning the input message or the resulting signature received by the user. These primitives allow applications to propagate trust while simultaneously protecting the identity of the user. Anonymous tokens have become a core component for improving the privacy of several real-world applications including ad measurements, authorization protocols, spam detection and VPNs. In certain applications, it is natural to associate signatures with specific public metadata ensuring that signatures only propagate trust with respect to only a certain set of scenarios. To solve this, we study the notion of anonymous tokens with public metadata in this work. We present a variant of RSA blind signatures with public metadata such that issuers may only generate signatures that verify for a certain choice of public metadata. We prove the security of our protocol under one-more RSA assumptions with multiple exponents that we introduce. Furthermore, we provide evidence that the concrete security bounds should be nearly identical to standard RSA blind signatures. The protocols in this paper have been proposed as a technical specification in an IRTF internet draft.

Available format(s)
Cryptographic protocols
Publication info
blind signaturesanonymous tokenspublic metadatapartially blind
Contact author(s)
gamjad @ google com
kwlyeo @ google com
moti @ google com
2023-08-10: approved
2023-08-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Ghous Amjad and Kevin Yeo and Moti Yung},
      title = {RSA Blind Signatures with Public Metadata},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1199},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.