Two-Round Concurrent Blind Signatures without Random Oracles

We present the first blind signature scheme that is efficient and provably secure without random oracles under concurrent attacks utilizing only two rounds of short communication. The scheme is based on elliptic curve groups for which a bilinear map exists and on extractable and equivocable commitments. The unforgeability of the employed signature scheme is guarranteed by the LRSW assumption while the blindness property of our scheme is guarranteed by the Decisional Linear Diffie Hellman assumption. We prove our construction secure under the above assumptions as well as the DCR and DLOG assumptions in the concurrent attack model of Juels, Luby and Ostrovsky from Crypto ’97. Our construction is the first scheme that instantiates the security definition of Juels et al. with an efficient construction in the standard model. We consider various modifications to our basic protocol that inlude a blind signature scheme with revokable blindness as well as a blind signature that incorporates a “public-tagging” mechanism. The latter extension of our scheme gives rise to a partially blind signature with the same efficiency and security properties as our basic scheme. ∗University of Connecticut, Computer Science and Engineering, Storrs, CT, USA, {aggelos,hszhou}@cse.uconn.edu. Research partly supported by NSF CAREER Award CNS-0447808.