• Nadim Kobeissi's avatar
    New primitive: blind signatures. · d2261c6b
    Nadim Kobeissi authored
    This commit introduces blind signatures, as requested by Verifpal
    user Professor Marko Schuetz-Schmuck from the University of Puerto
    Rico.
    
    Two new primitives are introduced: BLIND and UNBLIND. The interface
    works as follows:
    
    ```
    b = BLIND(k, m)
    SIGN(a, b)
    UNBLIND(k, m, SIGN(a, BLIND(k, m))) = SIGN(a, m)
    ```
    
    The purpose of blind signatures is to allow a party to sign a message
    without having access to its contents. To fulfill this purpose, a sender
    "blinds" a message m with "blinding factor" k and sends the resulting
    blinded message m.
    
    The signer signs the blinded message m with their private key a.
    
    Then, using UNBLIND and their blinding factor k, the sender can "unblind"
    the signature SIGN(a, BLIND(K, m)) and obtain SIGN(a, m).
    
    Therfore, the signer signed the message without knowing it, and the
    sender was able to obtain the signature of the signer on the original
    message without revealing the message.
    
    Note that an attacker possessing b and k can obtain m.
    
    An example model is included in `examples/blind.vp`.
    
    Further testing of this new primitive is very much appreciated.
    
    The Verifpal User Manual and Verifpal for Visual Studio Code will be
    updated momentarily to reflect the new BLIND and UNBLIND primitives.
    d2261c6b
types.go 3.67 KB