Main Page | See live article | Alphabetical index In cryptography, a blind signature is a form of digital signature in which the content of a message is disguised (blinded) before it is signed. Blind signatures are used in a number of cryptographic protocols, including various election systems and digital cash schemes. An oft-used analogy to the cryptographic blind signature is the physical act of enclosing a message in an envelope, which is then sealed and signed by a signing agent. Thus, the signer does not view the message content, but a third party can later verify the signature and know that the signature is valid within the limitations of the underlying signature scheme. Blind signatures can also be used to provide unlinkability, which prevents the signer from linking the blinded message it signs to a later un-blinded version that it may be called upon to verify. In this case, the signed, blinded value is un-blinded prior to verification in such a way that the signature remains valid for the un-blinded message. This can be useful in schemes where anonymity is required. Blind signature schemes can be implemented using a number of common public key signing schemes, for instance RSA and DSA. To perform such a signature, the message is first "blinded", typically by combining it in some way with a random "blinding factor". The blinded message is passed to a signer, who then signs it using a standard signing algorithm. The resulting message, along with the blinding factor, can be later verified against the signer's public key. In some blind signature schemes, such as RSA, it is even possible to remove the blinding factor from the signed message before it is verified. Uses Blind signature schemes see a great deal of use in applications where sender privacy is important. This includes various "digital cash" schemes and voting protocols. For example, the integrity of some electronic voting system may require that each ballot be certified by an election authority before it can be accepted for counting; this allows the authority to check the credentials of the voter to insure they are allowed to vote, and that they are not submitting more than one ballot. At the same time, it is important that this authority not learn the voter's selections. A blinded signature provides this guarantee, as the authority will not see the contents of any ballot it signs, and will not be able to link any of the submitted ballots back to the blinded versions it signed. Blind Signature Schemes Blind signature schemes exist for many public key signing protocols. Some examples are provided below. In each example, the message to be signed is contained in the value m. m is considered to be some legitimate input to the signature function. Blind RSA Signatures One of the simplest blind signature schemes is based on RSA signing. A traditional RSA signature is computed by exponentiating the message m with the secret exponent d, all mod a public modulus N. The blind version adds a random value r, such that gcd(r, N) = 1.. r is exponentiated with the public exponent e (mod N), and this value is used as a blinding factor. The signing authority receives the product of m and the blinding factor (mod N), which obscures the message. The blinded signature s' is then calculated as: The author of the message can then remove the blinding factor to reveal s, the valid RSA signature of m: This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License.