From 973b974fabd14a7a63110f5e06fb404c38ae4b59 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Tue, 25 Sep 2018 13:00:39 +0200 Subject: blindness --- taler-fc19/paper.tex | 10 ++++------ taler-fc19/ref.bib | 9 +++++++++ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/taler-fc19/paper.tex b/taler-fc19/paper.tex index 3fdc1ce..c82f33f 100644 --- a/taler-fc19/paper.tex +++ b/taler-fc19/paper.tex @@ -772,12 +772,10 @@ Such blind signature protocols have already been used to construct e-cash We require the following two security properties for $\textsc{BlindSign}$: \begin{itemize} - \item \emph{blindness}: Let $M$ be the set of all possible messages and $\overline{M}$ be the - set of all possible blinded messages. Then the distribution of - \[ \left\{ (m, \overline{m}) \,\middle| m\, \randsel M, \overline{m} \leftarrow \algo{Blind}_{BS}(\mathcal{S}(\V{sk}), m) \right\} \] - must be computationally - indistinguishable from - \[ \left\{ (m, x) \,\middle|\, m \randsel M, x \randsel \overline{M} \right\}. \] + \item \emph{blindness}: It should be computationally infeasible for a + malicious signer to decide which of two messages and has been signed first + in two executions with an honest user. The corresponding game can defined as + in Abe and Okamoto \cite{abe2000provably}. \item \emph{unforgeability}: An adversary that requests $k$ signatures with $\algo{Sign}_{BS}$ is unable to produce $k+1$ valid signatures with non-negligible probability. \end{itemize} diff --git a/taler-fc19/ref.bib b/taler-fc19/ref.bib index 4fda028..007ee7d 100644 --- a/taler-fc19/ref.bib +++ b/taler-fc19/ref.bib @@ -2379,3 +2379,12 @@ url = {https://www.crockford.com/wrmg/base32.html} year = 2010, month = may, } + +@inproceedings{abe2000provably, + title={Provably secure partially blind signatures}, + author={Abe, Masayuki and Okamoto, Tatsuaki}, + booktitle={Annual International Cryptology Conference}, + pages={271--286}, + year={2000}, + organization={Springer} +} -- cgit v1.2.3