notes

Personal notes
git clone git://git.laack.co/notes.git
Log | Files | Refs

BlindSignature.md (2430B)

      1 # Blind Signature
      2 
      3 **Source:** [Blind Signatures for Untraceable Payments](https://chaum.com/publications/#z62xPL)
      4 
      5 **Definition:** A blind signature is a signature on a message that verifies something about it without leaking information about the content of the message to the signatory.
      6 
      7 ## Analogy
      8 
      9 - Place a completed ballot in a carbon paper lined envelope that has the voter's credentials pre-printed on the outside of the envelope
     10 - A signatory verifies the credentials and signs the envelope
     11     - This would generally amount to making sure the voter's credentials haven't already been used in this election
     12     - Since the envelope is carbon lined, the signatory's signature is transferred to the ballot without them knowing the information on the ballot
     13 - This envelope is given back to the voter
     14 - The voter opens the envelope and places the signed ballot into an unmarked envelope
     15 - The voter anonymously sends the unmarked envelope to the election officiants
     16 - The officiants verify the signatures on each of the ballots and count and put them on display publicly
     17     - Only the voter knows what is on their ballot, allowing some information to be placed on the ballot that is only identifiable by them, to verify their ballot was indeed counted, without anyone else knowing which one was theirs
     18 
     19 The value of this scheme is that 1) no one can link a vote with a voter 2) trust in signatories from voting officials ensures all votes are valid 3) since only the voter knows what is on their ballot, they can put private information on it, allowing them to validate their vote was counted once they are all displayed publicly.
     20 
     21 ## Functions
     22 
     23 1) Signing function s' known to the signer with a corresponding publicly known inverse s, such that s(s'(x)) = x where s doesn't leak information about s'.
     24     - There is a private way to sign a message that is publicly verifiable
     25 2) Commuting function c and its inverse c', known only to the provider (e.g. voter), such that c'(s'(c(x))=s'(x) and c(x) and s' give no information about x.
     26     - I apply a function to my message, send it to the signatory, they sign it, I perform an inversion of the original function I performed on my message such that I am left with a signature on my original message without the signatory knowing what the message is.
     27 3) Redundancy checking predicate r, that checks for sufficient redundancy to make search for valid signatures impractical