Restrictive Partially Blind Signatures
Restrictive partially blind signatures are signatures meant to enable a restrictive and partially blind signing.
Restrictive: Once the message contents are agreed upon we cannot change the contents anymore
Partially-Blind: Message being signed-over consists of a public part (info) and a private part (message) which enables the signer to hand out a signature over the half-revealed content
At a high-level the scheme goes as follows:
Round 1: Recipient
Recipient prepares visible information info
and hidden information message
and sends it over
to the signer
Round 2: Signer
Signer receives the message
and info
, computes a commitment x
and sends it over to the recipient
Round 3: Recipient
Recipient computes a challenge c
given the commitment x
and sends the challenge c
to the signer
Round 4: Signer
Signer solves the challenge c
and sends the solution s
back to the recipient
Round 5: Recipient
Recipient combines the challenge c
and solution s
and derives a signature p
This scheme demonstrates the whole process of generating RPBS signatures:
RPBS Functions
commitToSignature(message, info)
Commit to the signature given the information packet containing private and public part of the message
Input:
-
message
- Elliptic curve point representing message -
info
- Public part of information
Output:
-
{ z1, a1, b1, a2 }
- Set of constants encoding the commitment
computeChallenge(commitment, messagePoint, info, publicKey)
Compute the challenge for round2 given the signature commitment
Input:
-
commitment
- Commitment from the functioncommitToSignature
-
messagePoint
- Message encoded on the elliptic curve point -
info
- Public part of information -
publicKey
- Public key of the signer
Output:
-
{ c }
- the challenge
solveChallenge(challenge)
Solve the challenge provided by the recipient
Input:
-
challenge
- Challenge from the functioncomputeChallenge
Output:
-
{ c1, s1, c2, s2 }
- Set of constants encoding challenge solution
unblindSignature(challenge, challengeSolution, commitment, publicKey, message, info)
Unblind the signature provided the data from previous rounds
-
challenge
- Challenge computed in the functioncomputeChallenge
-
challengeSolution
- Solution from the functionsolveChallenge
-
commitment
- Commitment to the signature from functioncommitToSignature
-
publicKey
- Public key of the signer -
message
- Hash of the message (private part) -
info
- Public part of the message
Output:
-
{ z1Hat, c1Hat, s1Hat, c2Hat, s2Hat, m1Hat }
- Set of constants encoding unblinded signature with the messagem1Hat
verifySignature(publicKey, info, signature)
Verify the signature unblinded in the function unblindSignature
Input:
-
publicKey
- Public key of the signer -
info
- Public part of the message -
signature
- Signature unblinded inunblindSignature
(containsm1Hat
)
Output:
-
true / false
- Signature validity