Sciweavers

PKC
2012
Springer

Security of Blind Signatures Revisited

12 years 1 months ago
Security of Blind Signatures Revisited
We revisit the definition of unforgeability of blind signatures as proposed by Pointcheval and Stern (Journal of Cryptology 2000). Surprisingly, we show that this established definition falls short in two ways of what one would intuitively expect from a secure blind signature scheme: It is not excluded that an adversary submits the same message m twice for signing, and then produces a signature for m = m. The reason is that the forger only succeeds if all messages are distinct. Moreover, it is not excluded that an adversary performs k signing queries and produces signatures on k + 1 messages as long as each of these signatures does not pass
Dominique Schröder, Dominique Unruh
Added 29 Sep 2012
Updated 29 Sep 2012
Type Journal
Year 2012
Where PKC
Authors Dominique Schröder, Dominique Unruh
Comments (0)