Cryptanalysis of a Partially Blind Signature Scheme or How to Make $100 Bills with $1 and $2 Ones
Partially blind signature scheme is a cryptographic primitive mainly used to design efficient and anonymous electronic cash systems. Due to this attractive application, some researchers have focused their interest on it. Cao, Lin and Xue recently proposed such a protocol based on RSA. In this paper we first show that this protocol does not meet the anonymous property since the bank is able to link a signature with a user. We then present a cryptanalysis of this scheme. In practical applications, a consequence would be the possibility for an attacker to forge, for example, valid $100 bills after the withdrawal of only two bank notes of $1 and $2.
KeywordsCryptanalysis partially blind signature electronic cash
Unable to display preview. Download preview PDF.
- 4.Chaum, D.: Blind Signatures for Untraceable Payments. In: Crypto 1982, Plenum, NY, pp. 199–203 (1983)Google Scholar
- 5.Juels, A., Luby, M., Ostrovsky, R.: Security of Blind Digital Signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, Springer, Heidelberg (1997)Google Scholar
- 8.Tsiounis, Y.: Efficient Electronic Cash: New Notions and Techniques. PhD thesis, Northeastern University (June 1997)Google Scholar