Equivocal Blind Signatures and Adaptive UC-Security

Aggelos Kiayias, Hong-Sheng Zhou

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We study the design of adaptively secure blind signatures in the universal composability (UC) setting. First, we introduce a new property for blind signature schemes that is suitable for arguing security against adaptive adversaries: an equivocal blind signature is a blind signature where there exists a simulator that has the power of making signing transcripts correspond to any message signature pair. Second, we present a general construction methodology for building adaptively secure blind signatures: the starting point is a 2-move “equivocal lite blind signature”, a lightweight 2-party signature protocol that we formalize and implement both generically as well as concretely; formalizing a primitive as “lite” means that the adversary is required to show all private tapes of adversarially controlled parties; this enables us to conveniently separate zero-knowledge (ZK) related security requirements from the remaining security properties in the blind signature design methodology. Next, we focus on the suitable ZK protocols for blind signatures. We formalize two special ZK ideal functionalities, single-verifier-ZK (SVZK) and single-prover-ZK (SPZK), both special cases of multi-session ZK that may be of independent interest, and we investigate the requirements for realizing them in a commit-and-prove fashion as building blocks for adaptively secure UC blind signatures. Regarding SPZK we find the rather surprising result that realizing it only against static adversaries is sufficient to obtain adaptive security for UC blind signatures.We instantiate all the building blocks of our design methodology both generically based on the blind signature construction of Fischlin as well as concretely based on the 2SDH assumption of Okamoto, thus demonstrating the feasibility and practicality of our approach. The latter construction yields the first practical UC blind signature that is secure against adaptive adversaries. We also present a new more general modeling of the ideal blind signature functionality. Equivocal Blind Signatures and Adaptive UC-Security (PDF Download Available). Available from: https://www.researchgate.net/publication/221354027_Equivocal_Blind_Signatures_and_Adaptive_UC-Security [accessed May 6, 2016].
Original languageEnglish
Title of host publicationTheory of Cryptography
Subtitle of host publicationFifth Theory of Cryptography Conference, TCC 2008, New York, USA, March 19-21, 2008. Proceedings
EditorsRan Canetti
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Number of pages16
ISBN (Electronic)978-3-540-78524-8
ISBN (Print)978-3-540-78523-1
Publication statusPublished - 2008

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg
ISSN (Print)0302-9743

Fingerprint Dive into the research topics of 'Equivocal Blind Signatures and Adaptive UC-Security'. Together they form a unique fingerprint.

Cite this