Cryptanalysis of a partially blind signature scheme or how to make $100 bills with $1 and $2 ones

Authors:
Gwenaëlle Martinet;Guillaume Poupard;Philippe Sola
Affiliations:
DCSSI Crypto Lab, Paris 07 SP, France;DCSSI Crypto Lab, Paris 07 SP, France;DCSSI Crypto Lab, Paris 07 SP, France
Venue:
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
Year:
2006

Citing 4
Cited 1

On the generation of cryptographically strong pseudorandom sequences

ACM Transactions on Computer Systems (TOCS)
Provably Secure Partially Blind Signatures

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Security of Blind Digital Signatures (Extended Abstract)

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
How to Date Blind Signatures

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology

Forgeability of Wang-Tang-Li's ID-based restrictive partially blind signature scheme

Journal of Computer Science and Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Partially blind signature scheme is a cryptographic primitive mainly used to design efficient and anonymous electronic cash systems. Due to this attractive application, some researchers have focused their interest on it. Cao, Lin and Xue recently proposed such a protocol based on RSA. In this paper we first show that this protocol does not meet the anonymous property since the bank is able to link a signature with a user. We then present a cryptanalysis of this scheme. In practical applications, a consequence would be the possibility for an attacker to forge, for example, valid $100 bills after the withdrawal of only two bank notes of $1 and $2.