blinding signature

Blind signature is a cryptography scheme introduced by David Chaum. Blind signature scheme is used when the author and the signer of a message are not the same. For example, when voters want to cast their votes to voting center , they need a signature from election authority to prove that they are one of the citizens of the nation. Why do we need blind signature? In this voting example, we want to keep the privacy of all the voters. We don’t want anybody, including the election authority knowing the choices of voters.

I will introduce some background of blind signature first.

A hash function H(x) can map arbitrary number of bits into fixed number of bits, like SHA256 or SHA3.

Hash functions are required to satisfied some properties. The most mentionable one of the properties is preimage resistant. That is when H(x) is known to adversary, it’s infeasible to find out x. This property can protect the voter from adversary attack as we will show below.

##Asymmetric encryption scheme ##
Asymmetric encryption scheme is also called public key cryptography. In asymmetric encryption scheme, a person has a pair of keys : public key and private key. Public key is known to everyone, but private key is only known to himself. Whoever want to send messages to him should encrypt those messages with his public key. When he receives those messages, he can decrypt it with his private key. RSA is a typical a symmetric encryption scheme developed by Ron Rivest, Adi Shamir, and Leonard Adleman.
Here is how RSA works:

Alice's public key : e
Alice's private key: d
Message from Bob: m
A large number known to both of Alice and Bob : n

In the formula, what Bob send to Alice is m^e(mod)n. Alice decrypt it with d: (m^e)^d(mod n) ,and get the original message m. I don’t want to show the details or to prove RSA works correctly. If you are interested in it, you may refer to wikipedia. What you are required to know here is how private key and public key interact with each other and get the original message.

RSA can be used as a signature scheme to authenticate that a message is send from a particular part.
Suppose m is a message that Alice wants to send to everybody. How can others assure that the message really come from Alice?

Here is how it works:

Alice do not only send m , but also concatenate s = m^d (mod n) with it. When others receive the message , they check whether s^e equals m. If it’s true, people will believe that the message really come from Alice. Because Alice is the only person who holds private key d.

Now that you have learned all of the background of blind signature.

The blind signature procedure can be categorized into 3 stages: blinding, signing and unblinding as you can find below:

The first step is blinding. Assume the voter’s message is M, the private key and public key of election authority is d and e respectively. What the voter needed is a signature from election authority : H(M)^d(mod n). The voter randomly choose a number r, then send election authority H(M).r^e(mod n).

The next step is signing, the election authority check the identity of the voter. If it’s valid for the voter to cast a vote, the election will send back to the voter (H(M).r^e)^d = H(M)^d.r (mod n) .

The final step is unblinding. Because voter know r , he can remove r from H(M)^d.r (mod n) and finally get H(M)^d(mod n). What he can do now is to send M concatenate H(M)^d(mod n) to the voting center.

That’s the end of the story.
The most important feature of blind signature is that it protects the privacy of every voters and provide a solid technological foundation for democracy election.