Mathematics blind signature in blockchain

blocksight 2021-05-18 17:09:24 阅读数:709

mathematics blind signature blockchain

Write it at the front

In the last introduction sigma Protocol extension , We see some clues to the development of signature mechanism , Although signature has introduced many common algorithms , But there are still some special application scenarios that are not mentioned , For example, blind signature , Blockchain privacy project Monero Ring signature and so on , The difference is , These are not independent , Self organized , It depends on the previous Signature Base , Suite, combination, transformation, etc .

This paper focuses on the blind signature mechanism , Although we haven't seen any application in the blockchain yet , If you see it, please let me know !

Blind signature (Blind Signature)

Blind signature is different from general digital signature , The general idea of digital signature is to generate a series of digital strings which can only be generated by the sender and can not be forged by others , This digital string is also an effective proof of the authenticity of the information sent by the sender . The difference is , The signer of blind signature does not know the specific content of the message it signs , Only at some point in the future ( In the capacity of notary public ) Prove the authenticity of the signature .

It has the following properties :

  1. The message the signer signs to is invisible ( This is it. “ blind ” The meaning of ), That is, the signer does not know the specific content of the message he signed .
  2. The signature message is not traceable , That is, when the signature message is published , The signer can't know when it's him / Which one signed .

Note that the nature of the general signature is omitted here ( Unforgeability and non repudiation ).

Blind signature process

In general, the role of the signature process is only one signer , But blind signature can't be the same role , Because the original message has to be blinded by another provider , Called the receiver of the signed message . The overall process :

  1. The receiver first performs blind transformation on the data to be signed , Send the transformed blind data to the signer .
  2. Send it to the receiver after it is signed by the signer .
  3. The receiver makes blind transformation to the signature , The result is the signer's blind signature of the original data .

Two properties of blind signature should be guaranteed in the process , It is necessary to make the signer see the blind signature afterwards and not connect with the blind data .

Specific projects can be realized in many ways , The following is an introduction to RSA A combined solution !

RSA Blind signature principle

hypothesis A It's the receiver ,B It's the signer , Private key d, And make it public RSA Public key (n,e), A Give Way B Blind signature message m, technological process :

  1. A Select the blind factor r, Calculation $m' = m * r^e\ mod\ n$
  2. B Yes m' To sign $m'^d=(m * r^e)^d\ mod\ n$
  3. A Go blind and get the original signature $s =m'^d * r^{-1}=m^d\ mod\ n$

It is easy to prove its correctness , I won't repeat ( About RSA Please refer to historical articles for details )!


Blind signature can be regarded as a variant of ordinary signature , Realize special applications .RSA The solution is simple and easy to understand , The actual code engineering needs some extra processing , It may need to be filled and so on .

Okay , The next section continues with Monero The ring signature principle used in the project !

Link to the original text : Welcome to the official account :blocksight

Related reading

Mathematics in blockchain - sigma agreement OR Proof& Signature sigma Protocol extension --OR proof

Mathematics in blockchain -sigma Deal with the Fiat-Shamir Transformation sigma Deal with the Fiat-Shamir Transformation

Mathematics in blockchain - What is zero knowledge proof ? What is zero knowledge proof

Mathematics in blockchain - RSA Non member proof of accumulator RSA Accumulator Non member proof and blockchain applications

Mathematics in blockchain - Accumulator( accumulator ) Accumulator and RSA Accumulator

Mathematics in blockchain - Kate promise batch opening Kate Promise volume Certification

Mathematics in blockchain - I promise Knowledge and commitment

Mathematics in blockchain - Pedersen Key sharing Pedersen Key sharing

Mathematics in blockchain - Pedersen promise Cryptography promises --Pedersen promise

Mathematics in blockchain - Inadvertently transmit Oblivious transport protocol

Mathematics in blockchain - RSA Algorithm encryption and decryption process and principle RSA Encryption and decryption algorithm

Mathematics in blockchain - BLS Threshold signature BLS m of n Threshold signature

Mathematics in blockchain - BLS Key aggregation BLS Key aggregation

Schorr Signature Basics Schorr Signature and elliptic curve

Mathematics in blockchain -Uniwap Automated market maker core algorithm analysis Uniwap Core algorithm analysis ( in )