In cryptography a blind signature, as introduced by David Chaum,[1] is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. The resulting blind signature can be publicly verified against the original, unblinded message in the manner of a regular digital signature. Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties. Examples include cryptographic election systems and digital cash schemes.
An often-used analogy to the cryptographic blind signature is the physical act of a voter enclosing a completed anonymous ballot in a special carbon paper lined envelope that has the voter's credentials pre-printed on the outside. An official verifies the credentials and signs the envelope, thereby transferring his signature to the ballot inside via the carbon paper. Once signed, the package is given back to the voter, who transfers the now signed ballot to a new unmarked normal envelope. Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme.
An example of blind signature in action
Blind signatures can also be used to provide unlinkability, which prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. In this case, the signer's response is first "un-blinded" prior to verification in such a way that the signature remains valid for the un-blinded message. This can be useful in schemes where anonymity is required.
Blind signature schemes can be implemented using a number of common public key signing schemes, for instance RSA and DSA. To perform such a signature, the message is first "blinded", typically by combining it in some way with a random "blinding factor". The blinded message is passed to a signer, who then signs it using a standard signing algorithm. The resulting message, along with the blinding factor, can be later verified against the signer's public key. In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from the signature before it is verified. In these schemes, the final output (message/signature) of the blind signature scheme is identical to that of the normal signing protocol.
^Chaum, David (1983). "Blind Signatures for Untraceable Payments" (PDF). Advances in Cryptology. Vol. 82. pp. 199–203. doi:10.1007/978-1-4757-0602-4_18. ISBN 978-1-4757-0604-8.
cryptography a blindsignature, as introduced by David Chaum, is a form of digital signature in which the content of a message is disguised (blinded) before...
electronic signatureBlindsignature Detached signature Public key certificate Digital signature in Estonia Electronic lab notebook Electronic signature Electronic...
Yvo G. (ed.). "Threshold Signatures, Multisignatures and BlindSignatures Based on the Gap-Diffie-Hellman-Group Signature Scheme". Public Key Cryptography...
the blinding, the party computing the blindsignature learns neither the input (what is being signed) nor the output (the resulting digital signature)....
private key technology, in order to create this BlindSignature Technology. Chaum's BlindSignature Technology was designed to ensure the complete privacy...
user's anonymity, and inventing many cryptographic protocols like the blindsignature, mix networks and the Dining cryptographers protocol. In 1995 his company...
very brief period of time, and a signature board, featuring a pink-colored car, was designed and released for Way. Blind released its first video in 1991...
numbers. Security was ensured by public key digital signature schemes. The RSA blindsignatures achieved unlinkability between withdrawal and spend transactions...
signed, while the recipient obtains a signature without any knowledge of the signed message. Blindsignatures serve as a crucial building block for various...
An undeniable signature is a digital signature scheme which allows the signer to be selective to whom they allow to verify signatures. The scheme adds...
decentralized payment systems, GNU Taler does not use a blockchain. A blindsignature is used to protect the privacy of users as it prevents the exchange...
The ElGamal signature scheme is a digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher...
or other symbols. It is also used as a replacement for a signature for a person who is blind or illiterate and thus cannot write their name. Typically...
A signature dish is a recipe that identifies an individual chef or restaurant. Ideally it should be unique and allow an informed gastronome to name the...
ID-based short signature schemes (joint work with Willy Susilo and Yi Mu) - Financial Cryptography 2005, and restrictive partial blindsignature schemes (joint...
arguments for Digital Signatures and BlindSignature using Forking Lemma. Claus P. Schnorr provided an attack on blind Schnorr signatures schemes, with more...
Sabre (travel reservation system). In 1983, a research paper titled "BlindSignatures for Untraceable Payments" by David Chaum introduced the idea of digital...
other desired characteristics of computer-mediated collaboration. Blindsignatures can be used for digital cash and digital credentials to prove that...
integrity are digital signature, hash chaining and embedded signing key. The solutions for secure social search are blindsignature, zero knowledge proof...
distinct concepts, often conflated: mutagen signatures and tumor signatures. Its original use, mutagen signature, referred to a pattern of mutations made...
'secret mitred dovetail' joint (also called a 'mitred blind dovetail', 'full-blind dovetail', or 'full-blind mitred dovetail') is used in the highest class of...
market capitalization exceeding $1 billion Chaum, David (2013) [1983]. "BlindSignatures for Untraceable Payments" (PDF). In David Chaum (ed.). Advances in...
Global Information