Rerandomizable Threshold Blind Signatures

  • Veronika KuchtaEmail author
  • Mark Manulis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)


This paper formalizes the concept of threshold blind signatures (TBS) that bridges together properties of the two well-known signature flavors, blind signatures and threshold signatures. Using TBS users can obtain signatures through interaction with t-out-of-n signers without disclosing the corresponding message to any of them. Our construction is the first TBS scheme that achieves security in the standard model and enjoys the property of being rerandomizable. The security of our construction holds according to most recent security definitions for blind signatures by Schröder and Unruh (PKC 2012) that are extended in this work to the threshold setting.

Rerandomizable TBS schemes enable constructions of distributed e-voting and e-cash systems. We highlight how TBS can be used to construct the first e-voting scheme that simultaneously achieves privacy, soundness, public verifiability in the presence of distributed registration authorities, following the general approach by Koenig, Dubuis, and Haenni (Electronic Voting 2010), where existence of TBS schemes was assumed but no construction given. As a second application, we discuss how TBS can be used to distribute the currency issuer role amongst multiple parties in a decentralized e-cash system proposed by Miers et al.(IEEE S&P 2013).


Blind Signature Random Oracle Model Blind Signature Scheme Common Reference String Public Verifiability 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abe, M.: A secure three-move blind signature scheme for polynomially many signatures. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 136–151. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  2. 2.
    Abe, M., Fehr, S.: Adaptively secure Feldman VSS and applications to universally-composable threshold cryptography. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 317–334. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  3. 3.
    Abe, M., Fuchsbauer, G., Groth, J., Haralambiev, K., Ohkubo, M.: Structure-preserving signatures and commitments to group elements. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 209–236. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  4. 4.
    Abe, M., Ohkubo, M.: A framework for universally composable non-committing blind signatures. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 435–450. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  5. 5.
    Abe, M., Okamoto, T.: Provably secure partially blind signatures. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 271–286. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  6. 6.
    Baudron, O., Fouque, P., Pointcheval, D., Stern, J., Poupard, G.: Practical multi-candidate election system. In: Proceedings of the Twentieth Annual ACM Symposium on Principles of Distributed Computing, PODC 2001, pp. 274–283. ACM (2001)Google Scholar
  7. 7.
    Bellare, M., Namprempre, C., Pointcheval, D., Semanko, M.: The power of RSA inversion oracles and the security of Chaum’s RSA-based blind signature scheme. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 309–328. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  8. 8.
    Benaloh, J.C., Tuinstra, D.: Receipt-free secret-ballot elections (extended abstract). In: Proceedings of the 26th Annual ACM Symposium on Theory of Computing, pp. 544–553. ACM (1994)Google Scholar
  9. 9.
    Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Signatures on randomizable ciphertexts. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 403–422. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  10. 10.
    Blazy, O., Fuchsbauer, G., Pointcheval, D., Vergnaud, D.: Short blind signatures. J. Comput. Secur. 21(5), 627–661 (2013)Google Scholar
  11. 11.
    Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-diffie-hellman-group signature scheme. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 31–46. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 56–73. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  13. 13.
    Brands, S.: Untraceable off-line cash in wallets with observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994) Google Scholar
  14. 14.
    Brands, S.A.: An efficient off-line electronic cash system based on the representation problem. Technical report, Amsterdam, The Netherlands (1993)Google Scholar
  15. 15.
    Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security, CCS 2008, pp. 345–356. ACM (2008)Google Scholar
  16. 16.
    Camenisch, J.L., Hohenberger, S., Lysyanskaya, A.: Compact e-Cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  17. 17.
    Camenisch, J.L., Koprowski, M., Warinschi, B.: Efficient blind signatures without random oracles. In: Blundo, C., Cimato, S. (eds.) SCN 2004. LNCS, vol. 3352, pp. 134–148. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  18. 18.
    Camenisch, J., Lysyanskaya, A., Meyerovich, M.: Endorsed e-cash. In: 2007 IEEE Symposium on Security and Privacy (S&P 2007), pp. 101–115. IEEE Computer Society (2007)Google Scholar
  19. 19.
    Camenisch, J.L., Neven, G., Shelat, A.: Simulatable adaptive oblivious transfer. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 573–590. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  20. 20.
    Cetinkaya, O., Cetinkaya, D.: Verification and validation issues in electronic voting. Electron. J. e-Government 5, 117–126 (2007)Google Scholar
  21. 21.
    Chaum, D.: Blind signatures for untraceable payments. CRYPTO 1982, pp. 199–203. Springer, Heidelberg (1982) Google Scholar
  22. 22.
    Chaum, D.: Elections with unconditionally-secret ballots and disruption equivalent to breaking RSA. In: Günther, C.G. (ed.) EUROCRYPT 1988. LNCS, vol. 330, pp. 177–182. Springer, Heidelberg (1988) Google Scholar
  23. 23.
    Chaum, D., Fiat, A., Naor, M.: Untraceable electronic cash. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 319–327. Springer, Heidelberg (1990) Google Scholar
  24. 24.
    Cramer, R., Damgård, I.B., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994) Google Scholar
  25. 25.
    Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997) Google Scholar
  26. 26.
    Desmedt, Y.G.: Society and group oriented cryptography: a new concept. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 120–127. Springer, Heidelberg (1988) Google Scholar
  27. 27.
    Desmedt, Y.G., Frankel, Y.: Shared generation of authenticators and signatures. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 457–469. Springer, Heidelberg (1992) Google Scholar
  28. 28.
    Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symposium on Foundations of Computer Science, pp. 427–437. IEEE Computer Society (1987)Google Scholar
  29. 29.
    Fischlin, M.: Round-optimal composable blind signatures in the common reference string model. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 60–77. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  30. 30.
    Franklin, M., Yung, M.: Towards provably secure efficient electronic cash. Technical report TR CUSC-018-92, Columbia University, Department of Computer Science (1993). Also in: Lingas, A., Carlsson, S., Karlsson, R. (eds.): ICALP 1993. LNCS, vol. 700. Springer, Heidelberg (1993)Google Scholar
  31. 31.
    Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993) Google Scholar
  32. 32.
    Garg, S., Rao, V., Sahai, A., Schröder, D., Unruh, D.: Round optimal blind signatures. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 630–648. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  33. 33.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996) Google Scholar
  34. 34.
    Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999) Google Scholar
  35. 35.
    Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  36. 36.
    Groth, J.: Short pairing-based non-interactive zero-knowledge arguments. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 321–340. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  37. 37.
    Groth, J., Ostrovsky, R., Sahai, A.: Non-interactive Zaps and New Techniques for NIZK. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 97–111. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  38. 38.
    Hofheinz, D., Jager, T., Knapp, E.: Waters Signatures with Optimal Security Reduction. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 66–83. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  39. 39.
    Horvitz, O., Katz, J.: Universally-composable two-party computation in two rounds. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 111–129. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  40. 40.
    Juels, A., Catalano, D., Jakobsson, M.: Coercion-resistant electronic elections. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, pp. 61–70. ACM (2005)Google Scholar
  41. 41.
    Juels, A., Luby, M., Ostrovsky, R.: Security of blind digital signatures. In: Kaliski Jr, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 150–164. Springer, Heidelberg (1997) CrossRefGoogle Scholar
  42. 42.
    Kiayias, A., Zhou, H.-S.: Equivocal blind signatures and adaptive UC- security. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 340–355. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  43. 43.
    Kim, J.-H., Kim, K., Lee, C.S.: An efficient and provably secure threshold blind signature. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 318–327. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  44. 44.
    Koenig, R.E., Dubuis, Haenni, R.: Why public registration boards are required in e-voting systems based on threshold blind signature protocols. In: Electronic Voting 2010, EVOTE 2010, 4th International Conference, Co-organized by Council of Europe, Gesellschaft für Informatik and E-Voting.CC, vol. 167 LNI, pp. 255–266. GI (2010)Google Scholar
  45. 45.
    Lee, B., Kim, K.: Receipt-free electronic voting scheme through collaborationf of voter and honest verifier. In: Proceeding of JW-ISC 2000, pp. 101–108 (2000)Google Scholar
  46. 46.
    Li, J., Yuen, T.H., Kim, K.: Practical threshold signatures without random oracles. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 198–207. Springer, Heidelberg (2007) CrossRefGoogle Scholar
  47. 47.
    Lysyanskaya, A., Peikert, C.: Adaptive security in the threshold setting: from cryptosystems to signature schemes. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 331–350. Springer, Heidelberg (2001) CrossRefGoogle Scholar
  48. 48.
    Meiklejohn, S., Shacham, H., Freeman, D.M.: Limitations on transformations from composite-order to prime-order groups: the case of round-optimal blind signatures. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 519–538. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  49. 49.
    Miers, I., Garman, C., Green, M., Rubin, A.D. : Zerocoin: Anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 397–411. IEEE Computer Society (2013)Google Scholar
  50. 50.
    Okamoto, T.: An electronic voting scheme. In: Terashima, N., Altman, E. (eds.) Advanced IT Tools. IFIP, pp. 21–30. Springer, Heidelberg (1996) CrossRefGoogle Scholar
  51. 51.
    Okamoto, T.: Efficient blind and partially blind signatures without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 80–99. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  52. 52.
    Pointcheval, D., Stern, J.: Provably secure blind signature schemes. In: Kim, K., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 252–265. Springer, Heidelberg (1996) Google Scholar
  53. 53.
    Pointcheval, D., Stern, J.: New blind signatures equivalent to factorization (extended abstract). In: Proceedings of the 4th ACM Conference on Computer and Communications Security CCS 1997, pp. 92–99. ACM (1997)Google Scholar
  54. 54.
    Schröder, D., Unruh, D.: Security of blind signatures revisited. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 662–679. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  55. 55.
    Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)zbMATHMathSciNetCrossRefGoogle Scholar
  56. 56.
    Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  57. 57.
    Vo, D.L., Zhang, F., Kim, K.: A new threshold blind signature scheme from pairings (2003)Google Scholar
  58. 58.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  59. 59.
    Zhou, X.:Threshold cryptosystem based fair off-line e-cash. In: Proceedings on the 2nd International Symposium on Intelligent Information Technology, pp. 692–696 (2008)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of ComputingUniversity of SurreyGuildfordUK

Personalised recommendations