國立政治大學 National Chengchi University
17.3 Applications beyond Bitcoin
Our partially blind ECDSA can be applied to any Bitcoin-like cryptocurrency system. Such cryptocurrencies are usually based on the UTXO model [8] and, like Bitcoin, often use ECDSA as their signature scheme. Whether our construction can be used directly in cryptocurrencies built on other models (such as the account model of Ethereum [57]) is a question worth investigating in future work.

In addition to cryptocurrency, our construction can be used in e-cash systems. Since blind signatures were born for e-cash, and partially blind signatures were born to make blind signatures more flexible, our partially blind ECDSA is naturally compatible with e-cash systems.

Furthermore, ECDSA has a shorter public key than signature schemes that are not based on ECC, such as DSA. As mentioned before, our partially blind ECDSA makes it easy for the bank to control the size of its database, and can significantly reduce the storage needed for public key data.
Chapter 18 Conclusion
We proposed two variant-ECDSA schemes and three partially blind signature schemes. Compared with other schemes, our first scheme is the most practical in terms of computational cost. For compatibility with the Bitcoin system, we proposed two variants of ECDSA with security proofs in the generic group model. Subsequently, we proposed two ECDSA-based partially blind signature schemes, built on variant-ECDSA-1 and variant-ECDSA-2 respectively. Our second and third schemes require more computation time but are compatible with the Bitcoin system. Moreover, all of our proposed schemes are unforgeable under adaptive chosen-message attacks and are partially blind. Because our second and third schemes rely on a time-intensive zero-knowledge proof, in future work we intend to develop an improved solution that reduces this computational cost.
Bibliography
[1] D. R. Brown, “Generic groups, collision resistance, and ECDSA,” Designs, Codes and Cryptography, vol. 35, no. 1, pp. 119–152, 2005.
[2] A. Lysyanskaya, “Signature schemes and applications to cryptographic protocol design,” Ph.D. dissertation, Massachusetts Institute of Technology, 2002.
[3] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644–654, 1976.
[4] D. Chaum, A. Fiat, and M. Naor, “Untraceable electronic cash,” in Conference on the Theory and Application of Cryptography. Springer, 1988, pp. 319–327.
[5] D. Chaum, “Blind signatures for untraceable payments,” in Advances in Cryptology. Springer, 1983, pp. 199–203.
[6] M. Abe and E. Fujisaki, “How to date blind signatures,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 1996, pp. 244–251.
[7] M. Abe and T. Okamoto, “Provably secure partially blind signatures,” in Annual International Cryptology Conference. Springer, 2000, pp. 271–286.
[8] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” Manubot, Tech. Rep., 2019.
[9] D. Johnson, A. Menezes, and S. Vanstone, “The elliptic curve digital signature algorithm (ECDSA),” International Journal of Information Security, vol. 1, no. 1, pp. 36–63, 2001.
[10] D. W. Kravitz, U.S. Patent 5,231,668, Washington, DC: U.S. Patent and Trademark Office, 1993.
[12] M. An, “Blind signatures with DSA/ECDSA?” Annual International Cryptology Conference, pp. 271–286, 2004. [Online]. Available: http://lists.virus.org/cryptography-0404/msg00149.html
[13] W. Ladd, “Blind signatures for bitcoin transaction anonymity,” 2012.
[14] X. Yi and K.-Y. Lam, “A new blind ECDSA scheme for bitcoin transaction anonymity,” in Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 2019, pp. 613–620.
[15] D. Pointcheval and J. Stern, “Provably secure blind signature schemes,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 1996, pp. 252–265.
[16] M. Stadler, J.-M. Piveteau, and J. Camenisch, “Fair blind signatures,” in International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 1995, pp. 209–219.
[17] Y. Frankel, Y. Tsiounis, and M. Yung, “‘Indirect discourse proofs’: Achieving efficient fair off-line e-cash,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 1996, pp. 286–300.
[18] Y. Xie, F. Zhang, X. Chen, and K. Kim, “ID-based distributed ‘magic ink’ signature,” in Information and Communications Security, Fifth International Conference, ICICS, 2003, pp. 10–13.
[19] A. Shamir, “Identity-based cryptosystems and signature schemes,” in Workshop on the Theory and Application of Cryptographic Techniques. Springer, 1984, pp. 47–53.
[20] A. J. Menezes, T. Okamoto, and S. A. Vanstone, “Reducing elliptic curve logarithms to logarithms in a finite field,” IEEE Transactions on Information Theory, vol. 39, no. 5, pp. 1639–1646, 1993.
[21] F. Zhang and K. Kim, “ID-based blind signature and ring signature from pairings,” in
[22] S. Lal and A. K. Awasthi, “Proxy blind signature scheme,” Journal of Information Science and Engineering. Cryptology ePrint Archive, Report, vol. 72, 2003.
[23] F. Zhang, R. Safavi-Naini, and C.-Y. Lin, “New proxy signature, proxy blind signature and proxy ring signature schemes from bilinear pairing,” IACR Cryptol. ePrint Arch., vol. 2003, p. 104, 2003.
[24] Z. Tan, Z. Liu, and C. Tang, “Digital proxy blind signature schemes based on DLP and ECDLP,” MM Research Preprints, vol. 21, no. 7, pp. 212–217, 2002.
[25] S. S. Chow, L. C. Hui, S.-M. Yiu, and K. Chow, “Forward-secure multisignature and blind signature schemes,” Applied Mathematics and Computation, vol. 168, no. 2, pp. 895–908, 2005.
[26] D. N. Duc, J. H. Cheon, and K. Kim, “A forward-secure blind signature scheme based on the strong RSA assumption,” in International Conference on Information and Communications Security. Springer, 2003, pp. 11–21.
[27] L. Liu and Z. Cao, “Universal forgeability of a forward-secure blind signature scheme proposed by Duc et al.,” IACR Cryptol. ePrint Arch., vol. 2004, p. 262, 2004.
[28] X. Chen, F. Zhang, and K. Kim, “ID-based multi-proxy signature and blind multisignature from bilinear pairings,” Proceedings of KIISC, vol. 3, pp. 11–19, 2003.
[29] A. Lysyanskaya and Z. Ramzan, “Group blind digital signatures: A scalable solution to electronic cash,” in International Conference on Financial Cryptography. Springer, 1998, pp. 184–197.
[30] J. Kim, K. Kim, and C. Lee, “An efficient and provably secure threshold blind signature,” in International Conference on Information Security and Cryptology. Springer, 2001, pp. 318–327.
[31] D. L. Vo, F. Zhang, and K. Kim, “A new threshold blind signature scheme from pairings,” 2003.
[32] T. K. Chan, K. Fung, J. K. Liu, and V. K. Wei, “Blind spontaneous anonymous group signatures for ad hoc groups,” in European Workshop on Security in Ad-hoc and Sensor Networks. Springer, 2004, pp. 82–94.
[33] D. Jena, S. K. Jena, and B. Majhi, “A novel untraceable blind signature based on elliptic curve discrete logarithm problem,” 2007.
[34] M. Nikooghadam and A. Zakerolhosseini, “An efficient blind signature scheme based on the elliptic curve discrete logarithm problem,” ISeCure: The ISC International Journal of Information Security, vol. 1, no. 2, pp. 125–131, 2009.
[35] D. He, J. Chen, and R. Zhang, “An efficient identity-based blind signature scheme without bilinear pairings,” Computers & Electrical Engineering, vol. 37, no. 4, pp. 444–450, 2011.
[36] H.-Y. Chien, J.-K. Jan, and Y.-M. Tseng, “RSA-based partially blind signature with low computation,” in Proceedings of the Eighth International Conference on Parallel and Distributed Systems (ICPADS 2001). IEEE, 2001, pp. 385–389.
[37] F. Zhang, R. Safavi-Naini, and W. Susilo, “Efficient verifiable encrypted signature and partially blind signature from bilinear pairings,” in International Conference on Cryptology in India. Springer, 2003, pp. 191–204.
[38] G. Maitland and C. Boyd, “A provably secure restrictive partially blind signature scheme,” in International Workshop on Public Key Cryptography. Springer, 2002, pp. 99–114.
[39] S. S. Chow, L. C. Hui, S.-M. Yiu, and K. Chow, “Two improved partially blind signature schemes from bilinear pairings,” in Australasian Conference on Information Security and Privacy. Springer, 2005, pp. 316–328.
[40] T. Okamoto, “Efficient blind and partially blind signatures without random oracles,” in Theory of Cryptography Conference. Springer, 2006, pp. 80–99.
[41] C.-P. Schnorr, “Efficient identification and signatures for smart cards,” in Conference on the Theory and Application of Cryptology. Springer, 1989, pp. 239–252.
[42] V. S. Miller, “Use of elliptic curves in cryptography,” in Conference on the Theory and Application of Cryptographic Techniques. Springer, 1985, pp. 417–426.
[43] D. Pointcheval and J. Stern, “Provably secure blind signature schemes,” in International Conference on the Theory and Application of Cryptology and Information Security.
[44] ——, “Security arguments for digital signatures and blind signatures,” Journal of Cryptology, vol. 13, no. 3, pp. 361–396, 2000.
[45] J. H. Silverman and J. Suzuki, “Elliptic curve discrete logarithms and the index calculus,” in International Conference on the Theory and Application of Cryptology and Information Security. Springer, 1998, pp. 110–125.
[46] V. I. Nechaev, “Complexity of a determinate algorithm for the discrete logarithm,” Mathematical Notes, vol. 55, no. 2, pp. 165–172, 1994.
[47] V. Shoup, “Lower bounds for discrete logarithms and related problems,” in International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 1997, pp. 256–266.
[48] S. Goldwasser, S. Micali, and C. Rackoff, “The knowledge complexity of interactive proof systems,” SIAM Journal on Computing, vol. 18, no. 1, pp. 186–208, 1989.
[49] A. Fiat and A. Shamir, “How to prove yourself: Practical solutions to identification and signature problems,” in Conference on the Theory and Application of Cryptographic Techniques. Springer, 1986, pp. 186–194.
[50] O. Blazy, D. Pointcheval, and D. Vergnaud, “Compact round-optimal partially-blind signatures,” in International Conference on Security and Cryptography for Networks. Springer, 2012, pp. 95–112.
[51] W.-J. Tsaur, J.-H. Tsao, and Y.-H. Tsao, “An efficient and secure ECC-based partially blind signature scheme with multiple banks issuing e-cash payment applications,” in Proceedings of the International Conference on e-Learning, e-Business, Enterprise Information Systems, and e-Government (EEE). The Steering Committee of The World Congress in Computer Science, Computer …, 2018, pp. 94–100.
[52] S. H. Islam and G. Biswas, “A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks,” Annals of Telecommunications - Annales des Télécommunications, vol. 67, no. 11-12, pp. 547–558, 2012.
[53] ——, “Provably secure and pairing-free certificateless digital signature scheme using elliptic curve cryptography,” International Journal of Computer Mathematics, vol. 90, no. 11, pp. 2244–2258, 2013.
[54] N. Tahat, E. Ismail, and A. Alomari, “Partially blind signature scheme based on chaotic maps and factoring problems,” Italian Journal of Pure and Applied Mathematics, p. 165, 2018.
[55] N. Gura, A. Patel, A. Wander, H. Eberle, and S. C. Shantz, “Comparing elliptic curve cryptography and RSA on 8-bit CPUs,” in International Workshop on Cryptographic Hardware and Embedded Systems. Springer, 2004, pp. 119–132.
[56] E. B. Sasson, A. Chiesa, C. Garman, M. Green, I. Miers, E. Tromer, and M. Virza, “Zerocash: Decentralized anonymous payments from bitcoin,” in 2014 IEEE Symposium on Security and Privacy. IEEE, 2014, pp. 459–474.
[57] G. Wood et al., “Ethereum: A secure decentralised generalised transaction ledger,” Ethereum Project Yellow Paper, vol. 151, no. 2014, pp. 1–32, 2014.