Đang chuẩn bị liên kết để tải về tài liệu:
Security of Blind Digital Signatures
Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
A digital signature scheme allows one to “sign” documents in such a way that everyone can verify the validity of authentic signatures, but no one can forge signatures of new documents. | Security of Blind Digital Signatures Revised Extended Abstract Ari Juels1 Michael Luby2 Rafail Ostrovsky3 1 RSA Laboratories. Email ari@rsa.com. 2 Digital Fountain 3 UCLA Email rafail@cs.ucla.edu. Abstract. Blind digital signatures were introduced by Chaum. In this paper we show how security and blindness properties for blind digital signatures can be simultaneously defined and satisfied in the common reference string model assuming an arbitrary one-way trapdoor permutation family. Thus this paper presents the first complexity-based proof of security for blind signatures. 1 Introduction A digital signature scheme allows one to sign documents in such a way that everyone can verify the validity of authentic signatures but no one can forge signatures of new documents. The strongest definition of security for a digital signature scheme was put forth by Goldwasser Micali and Rivest 17 . Several schemes based on both specific and general complexity assumptions were subsequently shown to satisfy this strongest definition. A variation on basic digital signatures known as blind digital signatures was proposed by Chaum. Blind digital signature schemes include the additional requirement that a signer can sign a document which is given to him in some encrypted form without knowing what the document contains. Blind digital signatures play a central role in anonymous electronic cash applications. In this paper we show how security and blindness properties in digital signatures can be simultaneously defined and satisfied assuming an arbitrary one-way trapdoor permutation family. While our construction achieves the strongest guarantees under general complexity assumptions and runs in polynomial time in all the parameters it is quite complicated and inefficient. The contribution of this paper is therefore twofold 1 we show that the notions of blindness and security can be simultaneously formalized and 2 we exhibit a constructive proof of existence of Part of this work was done .