Abstract
Blind signatures are a decades-old privacy-enhancing technology. It is not always clearly understood that blind signatures actually possess two separate properties: the intuitive understanding that the message to be signed is hidden from the signer, and the fact that the resulting signature is unlinkable (meaning that the signer cannot later tell in which session it created a particular signature). The question is: how exactly should these properties be defined, and can they be defined in a natural way such that they are mutually independent yet together imply blindness? In this paper we study this question, present formal definitions for message indistinguishability and signature unlinkability (and a few more related ones), and study their relationships. We show that these two properties are indeed mutually independent. Unfortunately, their union is not equivalent to blindness in what appear to be only pathological cases.
Publisher
Springer Science and Business Media LLC
Subject
Applied Mathematics, Computer Science Applications