exchange

Base system with REST service to issue digital coins, run by the payment service provider

commit 68b2c69b2eb15280768db1fc828bcd30b360d9a1
parent b384d758b2c102f3b08ff5610902de967194ee83
Author: Emmanuel Benoist <emmanuel.benoist@bfh.ch>
Date:   Thu,  3 Jul 2025 08:31:29 +0200

Adding the RSA Chaum scheme to the article

Diffstat:
M doc/cs/article/blind-signatures.tex | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+), 0 deletions(-)

diff --git a/doc/cs/article/blind-signatures.tex b/doc/cs/article/blind-signatures.tex @@ -101,6 +101,32 @@ In the last section (Section~\ref{sec:comparison}) we compare the advantages and \section{RSA blind signature}\label{sec:rsa} +RSA blind signature scheme has been presented by Chaum \cite{chaum1983blind}. The principle is derived from RSA. + +In our example, a requester sends a blinded message to the signer, and the signer signs it. The requester can unblind the message and provide a valid signature for it. + +The signer has a pair of RSA keys RSA public key: $(n,e)$ and a RSA private key: $d$. Let $m$ be the message to be signed and $r$ be a random number called the blinding factor, such that $gcd(r,n)=1$. + +The requester wants to let the user sign $m$ with their private key $(n,e)$ without knowning the content of the message $m$. + +The requester generates another message $m'$, where $m'=m.r^e~mod n$. Then they send this message to the signer. + +The signer computes $s'=(m')^d~mod n$ and sends it back to the requester. + +The requester generates the signature $s$ our of $s'$ using $s=s'.r^{-1}~mod n$. + +The requester has now with $m$ and $s$ a message and its valid signature. + +\[ s=(m.r^e)^d.r^{-1}=m^d.r^{ed}.r-1\equiv m^d~mod n\] + +% The scheme is unfortunately not EUF secure, which means, that given a public key $(n,e)$, it is possible to construct a message with its valid signature. + +% The solution is to use a full domain hash function (FDH). A FDH is a cryptographic hash function $h()$ that transforms any message into an image having exactly the same length as the size of the RSA modulo $m$. + +% The hash function is simply used on m before the signature and the verification + + + \section{Clause Schnorr blind signature}\label{sec:cs} \section{Post-Quantum solution for blind signature}\label{sec:pq}
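
Review bot: In the added paragraph beginning "The requester wants to let the user sign $m$", the private key is written as $(n,e)$, but the paragraph just before it defines $(n,e)$ as the public key and $d$ as the private key. It should read "let the signer sign $m$ with their private key $d$ without knowing the content of the message", which also fixes "user" and "knowning". In the closing display equation, `r-1` has lost its exponent and should be `r^{-1}`, and the chain skips the step $r^{ed}\equiv r \pmod n$ that lets $r^{ed}\cdot r^{-1}$ cancel; writing it as $s \equiv m^d\cdot r^{ed}\cdot r^{-1} \equiv m^d \pmod n$ with that step stated would make the derivation checkable. Smaller points: "our of $s'$" should be "out of $s'$", `$gcd(r,n)=1$` and `~mod n` would typeset better as `\gcd(r,n)=1` and `\bmod n`, and the commented-out FDH paragraph refers to "the RSA modulo $m$" where the modulus is $n$. That commented-out text is also the only place stating that the scheme is not EUF secure, so the section as committed presents signing of the unhashed $m$ with no such caveat; either enable those lines or add a sentence to that effect.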