commit 4cbde3dca6623ea2d1cd331c7929c36995e73a87
parent 9ade3257ea81474cdb9cb073b85209c68d6093c3
Author: Emmanuel Benoist <emmanuel.benoist@bfh.ch>
Date: Mon, 7 Jul 2025 12:18:56 +0200
Starting explaining Clause-Schnorr from ECDSA
Diffstat:
2 files changed, 75 insertions(+), 3 deletions(-)
diff --git a/doc/cs/article/biblio-blind-signatures.bib b/doc/cs/article/biblio-blind-signatures.bib
@@ -25,4 +25,57 @@
author={Poitras, Laura and Rosenbach, Marcel and Stark, Holger},
journal={Speigel Online},
year={2013}
-}
-\ No newline at end of file
+}
+
+@misc{cryptoeprint:2019:877,
+ author = {Georg Fuchsbauer and
+ Antoine Plouviez and
+ Yannick Seurin},
+ title = {Blind Schnorr Signatures and Signed {ElGamal} Encryption in the Algebraic Group Model},
+ howpublished = {Cryptology {ePrint} Archive, Report 2019/877},
+ year = {2019},
+ note = {\url{https://ia.cr/2019/877} and \url{https://www.youtube.com/watch?v=W-uwVdGeUUs}}
+}
+
+
+@misc{bip:schnorr-bitc,
+ author = {Pieter Wuille, Jonas Nick, Tim Ruffing},
+ title = {Schnorr Signatures for secp256k1},
+ howpublished = {Bitcoin Improvement Proposal, bip-0340},
+ year = {2020},
+ note = {\url{https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki}}
+}
+
+@misc{git:secp256k1-schnorr,
+ author = {Bitcoin Repository},
+ title = {BIP-340 - Module for Schnorr signatures in libsecp256k1},
+ howpublished = {\url{https://github.com/bitcoin/bitcoin/tree/master/src/secp256k1}}
+}
+
+@misc{btc:releasnotes-0.21,
+ author = {Bitcoin.org },
+ title = {0.21.1 Release Notes},
+ howpublished = {\url{https://bitcoin.org/en/releases/0.21.1/}}
+}
+
+@inproceedings{spring:wallet-db-with-observers,
+ author = {Chaum, David
+ and Pedersen, Torben Pryds},
+ editor = {Brickell, Ernest F.},
+ title = {Wallet Databases with Observers},
+ booktitle = {Advances in Cryptology --- CRYPTO' 92},
+ year = {1993},
+ publisher = {Springer Berlin Heidelberg},
+ address = {Berlin, Heidelberg},
+ pages = {89--105},
+ abstract = {Previously there have been essentially only two models for computers that people can use to handle ordinary consumer transactions: (1) the tamper-proof module, such as a smart card, that the person cannot modify or probe; and (2) the personal workstation whose inner working is totally under control of the individual. The first part of this article argues that a particular combination of these two kinds of mechanism can overcome the limitations of each alone, providing both security and correctness for organizations as well as privacy and even anonymity for individuals.},
+ isbn = {978-3-540-48071-6}
+}
+
+@misc{schnorr:perfect-dl-signatures,
+ author = {Claus Peter Schnorr},
+ title = {Enhancing the Security of Perfect Blind DL-Signatures.},
+ howpublished = {Universität Frankfurt},
+ year = {2003},
+ note = {\url{https://d-nb.info/1212446690/34}}
+}
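Review bot: The `author` field of `bip:schnorr-bitc` separates its three names with commas, which BibTeX reads as one malformed name (it warns about too many commas) instead of three authors; it should be `author = {Wuille, Pieter and Nick, Jonas and Ruffing, Tim},`. The institutional authors in `git:secp256k1-schnorr` and `btc:releasnotes-0.21` will be split into first and last name unless they get a second pair of braces, e.g. `author = {{Bitcoin.org}},`, which also removes the trailing space. Those two entries have no `year`, and `bip:schnorr-bitc` and `git:secp256k1-schnorr` link to the `master` branch, so the referenced specification and code can change under the citation. An access date in `note`, or a link to a fixed revision, would pin what the article's security claims were checked against.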
diff --git a/doc/cs/article/blind-signatures.tex b/doc/cs/article/blind-signatures.tex
@@ -1,4 +1,5 @@
\documentclass{article}
+\usepackage{amssymb}
\title{Blind signatures schemes for enhancing the privacy of payees}
@@ -151,11 +152,30 @@ The signature is valid if and only if $r\equiv x_1' mod n$.
\paragraph{Blind signature}
% Fixme Blind signatures Citation
-The blind signature with eliptic cuves has been presented by XXX in \cite{}.
+We first present the Blind Schnorr Signature Scheme which is considered broken. We present the fix in the next paragraph.
+
+We use for this scheme, the same key pair for signing $(q,Q)$ where $Q = q.G$.
+
+Before receiving the message, the signer generates a first random number $r$ (out of $\mathbb{Z}_n$) that will be a private key. The signer generates out of it the corresponding public key $R=rG$. The point $R$ is sent to the user.
+
+The user choses then two random values $\alpha$ and $\beta$ (also out of $\mathbb{Z}_n$). They generate a blinded nonce based on $\alpha$, $\beta$ and the two public keys sent by the signer $R$ and $Q$.
+
+\[R' = R + \alpha G+ \beta Q\]
+
+The user computes a hash of the message (concatenated with the commitment $R'$).
+
+\[ e = h(m\Vert R') \]
+
+This hash is then blinded $e'= e+\beta ~mod~n$. And $e'$ is signed to the signer.
+
\paragraph{Clause-Schnorr signature scheme}
+In this paragraph, we present the Clause-Schnorr improved signature scheme presented in \cite{cryptoeprint:2019:877}.
+
+
+
\section{Post-Quantum solution for blind signature}\label{sec:pq}
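Review bot: The last step of the new blind-signature paragraph reads `And $e'$ is signed to the signer`, which presumably should be `sent to the signer`; as written the direction of the message is unclear, and the description stops before the signer's response and the user's unblinding and verification. The opening sentence calls the scheme "considered broken" without saying under which conditions or citing a source, and the `% Fixme Blind signatures Citation` comment above it is still open. The weakness usually meant is forgery against a signer that keeps many signing sessions open in parallel, so I would say that explicitly and cite it, e.g. `... which is considered insecure when the signer runs concurrent signing sessions~\cite{cryptoeprint:2019:877}.` Minor: `~mod~n` typesets `mod` as italic variables, `$e' = e + \beta \bmod n$` is the usual form, and `q.G` should use the same notation as `rG` two lines later.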