# Understanding Blind Signatures by Ethan Heilman

## Introduction

Blind Signatures are a signature scheme which allows one party to sign a message without learning the message they signed.

History – Invented by David Chaum in 1982 for an early centralized digital currency called anonymous ecash.

This was an anonymous ecash that enabled a trusted party (like a bank) to issue and redeem coins without learning to whom these coins were spent.

### How Anonymous Ecash Works

1. Alice chooses a random serial number SN
2. Alice blinds SN with a random number r (*)
bSN = Blind(r, SN)
3. Signer signs bSN to generate a blind signaure
bσ = sign(SK, bSN)
4. Alice unblinds the blind signature to a signature on SN
σ = unblind(r, bσ)

Unlinkability – Any bSN (blinded serial number) can be unblinded to any other SN (serial number). Thus a bSN can not be linked to any SN.

This is only a description of RSA blind signatures, however there are many more blind signature schemes.

## RSA Signatures

``````PK = (e,N)
SK = (d,N)
RSA(PK, x) = x^e(mod N)
RSA-1(SK, y) = y^d(mod N)``````

RSA-1 and RSA are inverses of each other:

``RSA-1(SK, RSA(PK, x)) = ((x^e)^d) (mod N) = x``

Signing

``RSA-1(SK, Hash(m)) = Hash(m)^d (mod N) = σ``

Verification

``RSA(PK, σ) = σ^e (mod N) = (Hash(m)^d)^e (mod N) = Hash(m) (mod N)``

### Hidden RSA Signature

I’m so tired of typing these equations. Here’s a screenshot.