-
Nadim Kobeissi authored
This commit introduces blind signatures, as requested by Verifpal user Professor Marko Schuetz-Schmuck from the University of Puerto Rico. Two new primitives are introduced: BLIND and UNBLIND. The interface works as follows: ``` b = BLIND(k, m) SIGN(a, b) UNBLIND(k, m, SIGN(a, BLIND(k, m))) = SIGN(a, m) ``` The purpose of blind signatures is to allow a party to sign a message without having access to its contents. To fulfill this purpose, a sender "blinds" a message m with "blinding factor" k and sends the resulting blinded message m. The signer signs the blinded message m with their private key a. Then, using UNBLIND and their blinding factor k, the sender can "unblind" the signature SIGN(a, BLIND(K, m)) and obtain SIGN(a, m). Therfore, the signer signed the message without knowing it, and the sender was able to obtain the signature of the signer on the original message without revealing the message. Note that an attacker possessing b and k can obtain m. An example model is included in `examples/blind.vp`. Further testing of this new primitive is very much appreciated. The Verifpal User Manual and Verifpal for Visual Studio Code will be updated momentarily to reflect the new BLIND and UNBLIND primitives.
d2261c6b