Blind signatures with libgcrypt
Jan Svensson
jan.svensson at hush.com
Wed Apr 8 23:07:32 CEST 2015
Hello,
I'm working on a project where I'm thinking of creating three small programs in e.g. the C language that all would use Libgcrypt if possible:
* a program "generate_blinding_factor" that generates a blinding factor "b".
* a program "blind" that takes a short text message in clear text and a blinding factor "b" as input parameters and gives as output the message in blinded format.
* a program "unblind" that takes a signed blinded message and a blinding factor "b" as input parameters and unblinds the message to get the output of the signed message in clear text.
Course of events:
1. the user would use "generate_blinding_factor" to generate a blinding factor "b".
2. the user would use "blind" with parameters "message" and "b" to blind the clear text message.
3. the user would send the blinded message to the signer.
4. the signer would sign the blinded message with e.g. "gpg --output blinded_message.sig --sign blinded_message" while not being able to see the clear text of the message he/she signs.
5. the signer would send the signed blinded message back to the user.
6. the user would use "unblind" with parameters "signed blinded message" and "b" to unblind the message and get the clear text message signed by the signer.
7. the user would later (at the same time as other users) anonymously send the signed message to the signer.
We can assume that the signer keeps the blinded message he/she received in step 3 above so when the signer in step 7 gets to see the unblinded message in clear text, now also with the signer's signature, then the signer cannot link those two messages to each other, i.e. sign(blind(message,b),d) and sign(message,d) cannot be linked.
Would it be possible to do the above with Libgcrypt and RSA? I've read in http://www.gnupg.org/documentation/manuals/gcrypt/gcrypt.pdf that Libgcrypt uses blinding for RSA decryption. It would be really nice if it was possible to use Libgcrypt in this project since I suppose it would be much more complicated for me to try to fetch the relevant code from Libgcrypt and then try to build all the three programs above without any library calls to Libgcrypt.
Kind regards,
Jan
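
The blind / sign / unblind arithmetic from steps 1 to 6, as an added example that is not part of the original post and not Libgcrypt code: it uses Python integers, a constructed demo key built from two Mersenne primes, and a bare SHA-256 encoding of the message, all of which are assumptions. The signer here applies the raw RSA private-key operation, because `gpg --sign` hashes and pads its input and the factor b would then not cancel on unblinding.

```python
import hashlib
import math
import secrets

# Constructed demo key: two Mersenne primes, so the block needs no prime search.
# Structured primes like these are NOT safe for real keys.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent

def encode(message: bytes) -> int:
    # Assumption: bare SHA-256 as the integer to sign (no padding scheme).
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def generate_blinding_factor() -> int:
    # Random b in [2, N-1] that is invertible modulo N.
    while True:
        b = secrets.randbelow(N - 2) + 2
        if math.gcd(b, N) == 1:
            return b

def blind(message: bytes, b: int) -> int:
    # User: m' = H(m) * b^e mod N
    return (encode(message) * pow(b, E, N)) % N

def sign_raw(blinded: int) -> int:
    # Signer: s' = m'^d mod N, applied to the value exactly as received.
    return pow(blinded, D, N)

def unblind(blind_sig: int, b: int) -> int:
    # User: s = s' * b^-1 mod N, which equals H(m)^d mod N.
    return (blind_sig * pow(b, -1, N)) % N

def verify(message: bytes, sig: int) -> bool:
    # Anyone with the public key: s^e mod N == H(m)
    return pow(sig, E, N) == encode(message)

def consistent_factor(blind_sig: int, sig: int) -> int:
    # Unlinkability: for ANY signer transcript and ANY final signature there is
    # a b' = s' * s^-1 mod N that connects them, so stored transcripts tell
    # the signer nothing about which user holds which signature.
    return (blind_sig * pow(sig, -1, N)) % N

def run_protocol(message: bytes) -> dict:
    b = generate_blinding_factor()
    blinded = blind(message, b)
    blind_sig = sign_raw(blinded)
    return {"blinded": blinded, "blind_sig": blind_sig, "sig": unblind(blind_sig, b)}
```

In C, Libgcrypt's MPI interface provides `gcry_mpi_powm`, `gcry_mpi_mulm` and `gcry_mpi_invm` for the same three modular operations.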