Paper 2023/1199
RSA Blind Signatures with Public Metadata
Abstract
Anonymous tokens are digital signature schemes that enable an issuer to provider users with signatures without learning the input message or the resulting signature received by the user. These primitives allow applications to propagate trust while simultaneously protecting the identity of the user. Anonymous tokens have become a core component for improving the privacy of several real-world applications including ad measurements, authorization protocols, spam detection and VPNs. In certain applications, it is natural to associate signatures with specific public metadata ensuring that signatures only propagate trust with respect to only a certain set of scenarios. To solve this, we study the notion of anonymous tokens with public metadata in this work. We present a variant of RSA blind signatures with public metadata such that issuers may only generate signatures that verify for a certain choice of public metadata. We prove the security of our protocol under one-more RSA assumptions with multiple exponents that we introduce. Furthermore, we provide evidence that the concrete security bounds should be nearly identical to standard RSA blind signatures. The protocols in this paper have been proposed as a technical specification in an IRTF internet draft.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- blind signaturesanonymous tokenspublic metadatapartially blind
- Contact author(s)
-
gamjad @ google com
kwlyeo @ google com
moti @ google com - History
- 2023-08-10: approved
- 2023-08-08: received
- See all versions
- Short URL
- https://ia.cr/2023/1199
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1199,
author = {Ghous Amjad and Kevin Yeo and Moti Yung},
title = {{RSA} Blind Signatures with Public Metadata},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1199},
year = {2023},
url = {https://eprint.iacr.org/2023/1199}
}
