Security of blind signatures under aborts and applications to adaptive oblivious transfer

Journal article
(Original article)

Publication Details

Author(s): Schröder D, Fischlin M
Journal: Journal of Mathematical Cryptology
Publication year: 2012
Volume: 5
Journal issue: 2
Pages range: 169-203
ISSN: 1862-2976
Language: English


We explore the security of blind signatures under aborts where the user or the signer may stop the interactive signature issue protocol prematurely. Several works on blind signatures discuss security only in regard of completed executions and usually do not impose strong security requirements in case of aborts. One of the exceptions is the paper of Camenisch, Neven and Shelat (Eurocrypt 2007) where the notion of selectivefailure blindness has been introduced. Roughly speaking, selective-failure blindness says that blindness should also hold in case the signer is able to learn that some executions have aborted. Here we augment the work of Camenisch et al. by showing how to turn every secure blind signature scheme into a selective-failure blind signature scheme. Our transformation only requires an additional computation of a commitment and therefore adds only a negligible overhead. We also study the case of multiple executions and notions of selective-failure blindness in this setting. We then discuss the case of user aborts and unforgeability under such aborts. We show that every three-move blind signature scheme remains unforgeable under such user aborts. Together with our transformation for selective-failure blindness we thus obtain an easy solution to ensure security under aborts of either party and which is applicable for example to the schemes of Pointcheval and Stern (Journal of Cryptology, 2000). We finally revisit the construction of Camenisch et al. for simulatable adaptive oblivious transfer protocols, starting from selective-failure blind signatures where each message only has one valid signature (uniqueness). While our transformation to achieve selective-failure blindness does not preserve uniqueness, it can still be combined with a modified version of their protocol. Hence, we can derive such oblivious transfer protocols based on unique blind signature schemes only (in the random oracle model), without necessarily requiring selective-failure blindness from scratch. © de Gruyter 2011.

FAU Authors / FAU Editors

Schröder, Dominique Prof. Dr.
Lehrstuhl für Informatik 13 (Angewandte Kryptographie)

How to cite

Schröder, D., & Fischlin, M. (2012). Security of blind signatures under aborts and applications to adaptive oblivious transfer. Journal of Mathematical Cryptology, 5(2), 169-203.

Schröder, Dominique, and Marc Fischlin. "Security of blind signatures under aborts and applications to adaptive oblivious transfer." Journal of Mathematical Cryptology 5.2 (2012): 169-203.


Last updated on 2018-11-12 at 13:50