Current location - Quotes Website - Signature design - On the problem of "blind signature" (paper)
On the problem of "blind signature" (paper)
What is blind signature? What are its advantages and disadvantages?

The background is electronic cash, generally signed, and the signature sent by the signer must be remembered. For example, when and where it was sent to whom, he can write it down himself. However, if the signature is regarded as electronic cash, it involves anonymity. For example, when you use real money, does it have your name written on it? Of course not. Then I don't want banks to track their signatures to get users' consumption. So we designed a blind signature. Simply put, blind signing means that after signing a message, after a while, you show him this signature, and he will stare at you and ask: Hey, did I sign this? No, this is my public key. God, when have I ever done such a stupid thing to you1million? Hehe, we hope to achieve this effect. Of course, this is a bit exaggerated. Let's describe the nature of electronic cash:

An ideal electronic cash system should have the following characteristics:

Independence: the security of electronic cash does not depend on any physical location, and electronic cash can be transmitted through computer networks.

Conditional Anonymity: Use cash without revealing the identity of legitimate users, if necessary (such as users suspected of extortion, extortion,

Illegal purchase, bribery, etc. ) can be revoked by a trusted third party.

Unforgettable: No one can forge electronic cash except the legal issuance of electronic cash by banks.

Non-repeatable consumption: electronic cash can only be used once, and repeated consumption will be found with great probability.

Separability: Electronic cash can be divided into smaller amounts of cash, but the total amount remains the same.

Transitivity: users can lend electronic cash to others at will without being tracked.

Inconnectability: users' different electronic cash cannot be connected.

Offline payment: When users pay electronic cash, the store does not need to verify with the bank online.

Blind signature

Blind signature is proposed in 1982. Blind signature has been widely used in e-commerce and e-election because it is blind and can effectively protect the specific content of the signed message.

Blind signature allows the sender to blind the message first, then let the signer sign the blind message, and finally the message owner removes the blind factor in the signature to get the signer's signature on the original message. Blind signature is a special digital signature technology adopted by the receiver, which does not allow the signer to obtain the specific content of the signed message. In addition to the general digital signature conditions, the following two attributes must be met:

1. The signer is invisible to the message he signed, that is, the signer does not know the specific content of the message he signed.

2. The signature message is untraceable, that is, when the signature message is made public, the signer cannot know when he signed it.

Regarding blind signature, a very intuitive explanation is given: the so-called blind signature is to put the hidden file into the envelope first, and the process of removing the blind factor is to open the envelope. No one can read the document when it is in the envelope. Signing a document means putting carbon paper in an envelope. When the signer signs the envelope, his signature will be signed on the document through carbon paper.

Generally speaking, a good blind signature should have the following properties:

1. unforgettable. No one can generate a valid blind signature in his own name except the signer himself. This is a basic attribute.

2. It is undeniable. Once the signer signs the message, he can't deny his signature.

3. blindness. Although the signer signed the message, it is impossible for him to get the specific content of the message.

4. untraceability. Once the signature of a message is made public, the signer cannot be sure when he signed it.

Blind signatures satisfying the above properties are considered to be secure. These four properties are not only the standards we should follow in designing blind signatures, but also the basis for judging the performance of blind signatures.

In addition, the operability and efficiency of the scheme are also very important when designing blind signatures.

Factors. The operability and implementation speed of blind signature depend on the following aspects:

1. The length of the key;

2. The length of blind signature;

3. Algorithm and verification algorithm of blind signature.