On the (im)possibility of blind message authentication codes

Authors:
Michel Abdalla;Chanathip Namprempre;Gregory Neven
Affiliations:
Departement d’Informatique, ’Ecole normale sup’erieure, Paris, France;Electrical Engineering Department, Thammasat University, Klong Luang, Patumtani, Thailand;Departement d’Informatique, ’Ecole normale sup’erieure, Paris, France
Venue:
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Year:
2006

Citing 10
Cited 4

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Untraceable electronic cash

CRYPTO '88 Proceedings on Advances in cryptology
Security of Blind Digital Signatures (Extended Abstract)

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
A Practical Secret Voting Scheme for Large Scale Elections

ASIACRYPT '92 Proceedings of the Workshop on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
A Secure Three-Move Blind Signature Scheme for Polynomially Many Signatures

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Receipt-Free Electronic Voting Schemes for Large Scale Elections

Proceedings of the 5th International Workshop on Security Protocols
Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Protocols for secure computations

SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
Fair secure two-party computation

EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Efficient blind signatures without random oracles

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks

Simulatable Adaptive Oblivious Transfer

EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Concurrently-secure blind signatures without random oracles or setup assumptions

TCC'07 Proceedings of the 4th conference on Theory of cryptography
Round optimal blind signatures

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Security of blind signatures revisited

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Blind signatures allow a signer to digitally sign a document without being able to glean any information about the document. In this paper, we investigate the symmetric analog of blind signatures, namely blind message authentication codes (blind MACs). One may hope to get the same efficiency gain from blind MAC constructions as is usually obtained when moving from asymmetric to symmetric cryptosystems. Our main result is a negative one however: we show that the natural symmetric analogs of the unforgeability and blindness requirements cannot be simultaneously satisfied. Faced with this impossibility, we show that blind MACs do exist (under the one-more RSA assumption in the random oracle model) in a more restrictive setting where users can share common state information. Our construction, however, is only meant to demonstrate the existence; it uses an underlying blind signature scheme, and hence does not achieve the desired performance benefits. The construction of an efficient blind MAC scheme in this restrictive setting is left as an open problem.