diff options
| -rw-r--r-- | taler-fc19/paper.tex | 10 | ||||
| -rw-r--r-- | taler-fc19/ref.bib | 9 |
2 files changed, 13 insertions, 6 deletions
diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index 3fdc1ce..c82f33f 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -772,12 +772,10 @@ Such blind signature protocols have already been used to construct e-cash We require the following two security properties for $\textsc{BlindSign}$:
\begin{itemize}
- \item \emph{blindness}: Let $M$ be the set of all possible messages and $\overline{M}$ be the
- set of all possible blinded messages. Then the distribution of
- \[ \left\{ (m, \overline{m}) \,\middle| m\, \randsel M, \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m) \right\} \]
- must be computationally
- indistinguishable from
- \[ \left\{ (m, x) \,\middle|\, m \randsel M, x \randsel \overline{M} \right\}. \]
+ \item \emph{blindness}: It should be computationally infeasible for a
+ malicious signer to decide which of two messages and has been signed first
+ in two executions with an honest user. The corresponding game can defined as
+ in Abe and Okamoto \cite{abe2000provably}.
\item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$
is unable to produce $k+1$ valid signatures with non-negligible probability.
\end{itemize}
diff --git a/taler-fc19/ref.bib b/taler-fc19/ref.bib index 4fda028..007ee7d 100644 --- a/taler-fc19/ref.bib +++ b/taler-fc19/ref.bib @@ -2379,3 +2379,12 @@ url = {https://www.crockford.com/wrmg/base32.html} year = 2010, month = may, } + +@inproceedings{abe2000provably, + title={Provably secure partially blind signatures}, + author={Abe, Masayuki and Okamoto, Tatsuaki}, + booktitle={Annual International Cryptology Conference}, + pages={271--286}, + year={2000}, + organization={Springer} +} |