Paper 2024/1100
Unforgeability of Blind Schnorr in the Limited Concurrency Setting
Abstract
Blind signature schemes enable a user to obtain a digital signature on a message from a signer without revealing the message itself. Among the most fundamental examples of such a scheme is blind Schnorr, but recent results show that it does not satisfy the standard notion of security against malicious users, One-More Unforgeability (OMUF), as it is vulnerable to the ROS attack. However, blind Schnorr does satisfy the weaker notion of sequential OMUF, in which only one signing session is open at a time, in the Algebraic Group Model (AGM) + Random Oracle Model (ROM), assuming the hardness of the Discrete Logarithm (DL) problem. This paper serves as a first step towards characterizing the security of blind Schnorr in the limited concurrency setting. Specifically, we show that blind Schnorr satisfies OMUF when at most two signing sessions can be concurrently open (in the AGM+ROM, assuming DL). Our argument suggests that it is plausible that blind Schnorr satisfies OMUF for up to polylogarithmically many concurrent signing sessions. Our security proof involves interesting techniques from linear algebra and combinatorics.
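The three-move blind Schnorr protocol the abstract refers to, written out as an added example (not code from the paper): the user blinds the signer's nonce, derives the challenge, and unblinds the response, while the signer enforces a cap on open sessions, which is the limited-concurrency setting studied here (`max_open=1` is the sequential setting, `max_open=2` the two-session setting). The toy group parameters, the `Signer`/`blind`/`unblind`/`verify` names and the `max_open` knob are assumptions made for the example.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only: p = 2q + 1 is a safe
# prime and g = 4 generates the order-q subgroup. These parameters are far
# too small to be secure; a real deployment uses a standard curve.
P, Q, G = 1019, 509, 4
assert pow(G, Q, P) == 1 and G != 1

def H(R_prime, msg):
    """Fiat-Shamir challenge c' = H(R', m), reduced into Z_q."""
    data = R_prime.to_bytes(2, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Signer:
    """Blind Schnorr signer that refuses to open more than `max_open`
    sessions at once (hypothetical policy knob, not part of the scheme)."""
    def __init__(self, max_open):
        self.x = secrets.randbelow(Q - 1) + 1     # secret key
        self.X = pow(G, self.x, P)                # public key
        self.max_open = max_open
        self.open = {}                            # session id -> nonce r

    def start(self):
        if len(self.open) >= self.max_open:
            raise RuntimeError("concurrency limit reached")
        sid, r = secrets.token_hex(4), secrets.randbelow(Q)
        self.open[sid] = r
        return sid, pow(G, r, P)                  # first move: R = g^r

    def finish(self, sid, c):
        r = self.open.pop(sid)                    # session closes on answer
        return (r + c * self.x) % Q               # third move: s = r + c*x

def blind(X, R, msg):
    """User: R' = R g^alpha X^beta, c' = H(R', m), send c = c' + beta."""
    alpha, beta = secrets.randbelow(Q), secrets.randbelow(Q)
    R_prime = R * pow(G, alpha, P) * pow(X, beta, P) % P
    return (H(R_prime, msg) + beta) % Q, (alpha, R_prime)

def unblind(s, state):
    """User: s' = s + alpha; the signature (R', s') is unlinkable to (R, c, s)."""
    alpha, R_prime = state
    return R_prime, (s + alpha) % Q

def verify(X, msg, sig):
    R_prime, s_prime = sig
    return pow(G, s_prime, P) == R_prime * pow(X, H(R_prime, msg), P) % P
```

With `max_open=1` a second `start()` before `finish()` raises, which is exactly the sequential restriction under which the earlier OMUF proof holds; the signer never sees `msg`, `alpha` or `beta`.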
Metadata
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in CIC 2024
- DOI
- 10.62056/a3qj5w7sf
- Keywords
- Schnorr signatures, blind signatures, algebraic group model, ROS
- Contact author(s)
- fharding1 @ protonmail com
- xujiay @ oregonstate edu
- History
- 2024-09-10: last of 2 revisions
- 2024-07-05: received
- Short URL
- https://ia.cr/2024/1100
- License
- CC BY
BibTeX
@misc{cryptoeprint:2024/1100,
  author = {Franklin Harding and Jiayu Xu},
  title = {Unforgeability of Blind Schnorr in the Limited Concurrency Setting},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1100},
  year = {2024},
  doi = {10.62056/a3qj5w7sf},
  url = {https://eprint.iacr.org/2024/1100}
}