#### DMCA

## Security of Blind Signatures Revisited

Citations: | 2 - 1 self |

### Citations

363 | Security arguments for digital signatures and blind signatures
- Pointcheval, Stern
(Show Context)
Citation Context ...e notion of unforgeability we are concerned with in this paper. A formal definition of the unforgeability of blind signatures schemes (or generally interactive signature schemes) has been proposed by =-=[PS00]-=-. Roughly, their definition states that an adversary that interacts k times with the adversary cannot produce valid signatures on more than k different messages. 3 At this point, one may wonder why th... |

268 | Rethinking Public Key Infrastructure and Digital Certificates— Building in Privacy - Brands - 1999 |

190 | Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme - Boldyreva - 2003 |

189 | signatures for untraceable payments - Blind |

126 | Desinated-confirmer signature systems - Chaum - 1994 |

91 | The one-more-rsa-inversion problems and the security of chaum’s blind signature scheme - Bellare, Namprempre, et al. |

53 | Structurepreserving signatures and commitments to group elements - Abe, Fuchsbauer, et al. - 2010 |

46 | Efficient Blind and Partially Blind Signatures Without Random Oracles - Okamoto - 2006 |

26 | Round-optimal composable blind signatures in the common reference model - Fischlin - 2006 |

24 | Security of blind digital signatures (extended abstract - Juels, Luby, et al. - 1997 |

23 | Efficient Blind Signatures Without Random Oracles - Camenisch, Koprowski, et al. - 2005 |

20 | Efficient Attributes for Anonymous Credentials - Camenisch, Groß - 2008 |

19 | A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures - Abe - 2001 |

18 | Concurrently-secure blind signatures without random oracles or setup assumptions - Hazay, Katz, et al. - 2007 |

13 | On the (Im)possibility of Blind Message Authentication Codes
- Abdalla, Namprempre, et al.
- 2006
(Show Context)
Citation Context ...gner S ∗ to decide which of two messages m0 and m1 has been signed first in two executions with an honest user U. This condition must hold, even if S ∗ is allowed to choose the public key maliciously =-=[ANN06]-=-. If one of these executions has returned ⊥ then the signer is not informed about the other signature either. Definition 4 (Blindness). A blind signature scheme BS = (KG, 〈S, U〉 , Vf) is called blind ... |

12 | On the impossibility of three-move blind signature schemes
- Fischlin, Schröder
- 2010
(Show Context)
Citation Context ...SU11], and some constructions are based on general assumptions [JLO97, Fis06, HKKL07, SU11]. 4Only a few works consider the security of blind signatures [JLO97, PS00, FS09] or their round complexity =-=[FS10]-=-. Notations. Before presenting our results we briefly recall some basic definitions. In what follows we denote by λ ∈ N the security parameter. Informally, we say that a function is negligible if it v... |

12 | Universally-composable two-party computation in two rounds - Horvitz, Katz - 2007 |

9 | A Framework for Universally Composable Non-Committing Blind Signatures - Abe, Ohkubo - 2009 |

5 | Security of blind signatures under aborts - Fischlin, Schröder - 2009 |

4 | C.: U-Prove cryptographic specification v1.0 - Brands, Paquin - 2010 |

2 | U-prove technology overview. http://www.itforum.dk/downloads/ Ronny_Bjones_Uprove.pdf - Bjones - 2010 |

2 | Microsoft u-prove ctp release 2. http://connect.microsoft - U-PROVE - 2011 |

1 | Round optimal blind signatures. Cryptology ePrint Archive, Report 2011/264 - Schröder, Unruh - 2011 |