Blind signature systems
Abstract
A cryptographic system allows, in one exemplary use, a supplier to cryptographically transform a plurality of messages responsive to secret keys; the transformed messages to be digitally signed by a signer; and the signed transformed messages returned to the supplier to be transformed by the supplier, responsive to the same secret keys, in such a way that a digital signature related to each original message is developed by the supplier. One important property of these systems is that the signer cannot determine which transformed message received for signing corresponds with which digital signature--even though the signer knows that such a correspondence must exist.
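The blind, sign, unblind flow described in the abstract, as an added example that is not part of the patent text. It assumes textbook RSA as the signature scheme (this page names no specific scheme), a constructed toy key, and hypothetical function names; `explaining_factor` shows why the signer's transcript cannot single out which blinded message produced which signature.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's secret exponent

def digest(message: bytes) -> int:
    """Map a message into Z_N (stands in for a full-domain hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def blind(message: bytes):
    """Supplier: pick a secret r, return (blinded value, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return digest(message) * pow(r, E, N) % N, r

def sign(blinded: int) -> int:
    """Signer: RSA private-key operation on whatever it is handed."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Supplier: strip r to obtain a signature on the original message."""
    return blind_sig * pow(r, -1, N) % N

def verify(message: bytes, sig: int) -> bool:
    """Anyone: check the signature with the public key only."""
    return pow(sig, E, N) == digest(message)

def explaining_factor(blinded: int, message: bytes) -> int:
    """Signer's view: the r that would make `blinded` hide `message`.
    One exists for every pairing, so the transcript rules none out."""
    return pow(blinded * pow(digest(message), -1, N) % N, D, N)

def demo():
    notes = [b"note-A (constructed)", b"note-B (constructed)"]
    seen, sigs = [], []
    for m in notes:
        b, r = blind(m)
        seen.append(b)                      # all the signer ever sees
        sigs.append(unblind(sign(b), r))
    valid = all(verify(m, s) for m, s in zip(notes, sigs))
    # Every (blinded, message) pairing has a consistent blinding factor.
    ambiguous = all(
        digest(m) * pow(explaining_factor(b, m), E, N) % N == b
        for b in seen for m in notes)
    return valid, ambiguous

if __name__ == "__main__":
    print(demo())
```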
41 Claims
1. A method for processing a plurality of original digital messages by plural provider parties before they are transformed with public key digital signatures by a signer party and for processing the resulting messages by the corresponding provider parties after they have been transformed with the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, the signer is unable to determine the correspondence between elements of said processed digital message set and elements of the corresponding said resulting digital message set, said method for processing comprising the steps of:
- blinding a plurality of original digital messages by a plurality of corresponding supplier parties transforming each such message at least partially responsive to a corresponding first key to produce corresponding digital first messages;
- signing each of said first messages by a signing party applying a public key digital signature thereto to produce a corresponding plurality of digital second messages;
- unblinding said plurality of second messages by said supplier parties transforming each at least partially responsive to said first keys to produce a corresponding plurality of digital third messages which retain a public key digital signature property related to said original messages and to said signing step; and
- said blinding step being performed by said supplier parties using said first keys so as to make said signer party without the corresponding first keys unable to readily determine the correspondence between individual messages within said plurality of third messages and individual messages within said plurality of first messages.
Dependent claims: 2, 3, 4, 5, 6, 11, 12, 13, 15, 16, 17, 18
7. A method for processing a plurality of original digital messages before they receive public key digital signatures and for processing the resulting messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of the public key and of the corresponding secret signing key does not readily allow the correspondence between the elements of said processed digital message set and the elements of the corresponding said resulting digital message set to be determined, said method for processing comprising the steps of:
- blinding a plurality of original digital messages by transforming each responsive to a corresponding first key to produce corresponding digital first messages;
- signing each of said first messages by applying a public key digital signature transformation thereto, using at least a secret signing key, to produce a corresponding plurality of digital second messages;
- unblinding said plurality of second messages by transforming each, at least partially responsive to said first keys, to produce a corresponding plurality of signed digital third messages related to said original messages and where the digital signature property derives from said secret signing key; and
- said blinding step being performed using separate said first keys so as to make substantially computationally infeasible substantial linking, even using said secret signing key, of individual messages within said plurality of third messages to individual messages within said plurality of first messages.
Dependent claims: 8, 9, 10
14. A method for providing untraceability of value transfers by processing a plurality of original digital messages before they receive public key digital signatures and for processing the resulting messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of that public key and of the corresponding secret signing key is substantially insufficient to substantially feasibly determine the correspondence between the elements of said processed digital message set and the elements of the corresponding said resulting digital message set, said method for processing comprising the steps of:
- blinding at least part of each of a plurality of digital original messages responsive to first keys to produce corresponding blinded first digital messages, by each of plural supplier parties;
- receiving said first messages, by a signer party, and the signer party transforming at least two of said first messages, at least partially responsive to signing secret key information of said signer party, to produce second digital messages;
- providing the corresponding said second messages to at least two corresponding said supplier parties in exchange for a transfer of value from such corresponding supplier parties;
- receiving corresponding said second messages by said supplier parties and transforming the corresponding second messages with said first keys to produce corresponding unblinded third digital messages each having a digital signature property related to a corresponding one of said original messages thereby making it infeasible for the signer party to link said first messages with the third messages, without the first keys;
- receiving at least one of said third messages by a checker party, and the checker party checking a public key digital signature related to the corresponding said original message; and
- maintaining a record depending on said previously checked third messages and preventing a signature related to the same such third message from being accepted more than once, and providing value in exchange for said signatures accepted.
19. A method for processing original digital messages before they receive public key digital signatures and for processing the resulting messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of the public key and of the corresponding secret signing key does not readily allow the correspondence between elements of said processed digital message set and elements of the corresponding said resulting digital message set to be determined, said method for processing comprising the step of:
- transforming at least part of a first input with a first blinding transformation depending on a first secret key to produce a first output;
- receiving said first output and transforming said first output with a second blinding transformation depending on a second secret key to produce a second output;
- receiving said second output and developing a third output at least partially responsive to the second output and to a secret signing key;
- receiving said third output and transforming the third output with a first unblinding transformation, depending on a first one of said first and second secret keys, to produce a fourth output; and
- transforming said fourth output with a second unblinding transformation, depending on the remaining one of said first and second secret keys, to produce a fifth output, and the fifth output retaining a digital signature property related to said first input, and said third and the fifth outputs being not readily linkable without the first and second secret keys.
20. Apparatus for processing a plurality of original digital messages by plural provider parties before they are transformed with public key digital signatures by a signer party and for processing the resulting digital messages by the corresponding provider parties after they have been transformed with the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, the signer is unable to determine the correspondence between elements of said processed digital message set and elements of the corresponding said resulting digital message set, said apparatus for processing comprising:
- means for blinding a plurality of original digital messages by a plurality of corresponding supplier parties transforming each such message at least partially responsive to a corresponding first key to produce corresponding digital first messages;
- means for signing each of said first messages by a signing party applying a public key digital signature thereto to produce a corresponding plurality of digital second messages;
- means for unblinding said plurality of second messages by said supplier parties transforming each at least partially responsive to said first keys to produce a corresponding plurality of digital third messages which retain a public key digital signature property related to said original messages and to said means for signing; and
- said means for blinding by said supplier parties including means for using said first keys so as to make said signer party without the corresponding first keys unable to readily determine the correspondence between individual messages within said plurality of third messages and individual messages within said plurality of first messages.
Dependent claims: 21, 22, 23, 24, 25, 30, 31, 32, 33, 34, 37, 38, 39, 40
26. Apparatus for processing a plurality of original digital messages before they receive public key digital signatures and for processing the resulting messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of the public key and of the corresponding secret signing key does not readily allow the correspondence between the elements of said processed digital message set and the elements of the corresponding said resulting digital message set to be determined, said apparatus for processing comprising:
- means for blinding a plurality of original digital messages by transforming each responsive to a corresponding first key to produce corresponding digital first messages;
- means for signing each of said first messages by applying a public key digital signature thereto, using at least a secret signing key to produce a corresponding plurality of signed digital second messages;
- means for unblinding said plurality of signed second messages by transforming each, at least partially responsive to said first keys, to produce a corresponding plurality of signed digital third messages related to said original messages and where the digital signature property derives from said secret signing key; and
- said means for blinding using said first keys so as to make substantially computationally infeasible substantial linking, even using said secret signing key, of individual messages within said plurality of third messages to individual messages within said plurality of first messages.
Dependent claims: 27, 28, 29
35. Apparatus for providing untraceability of value transfers by processing a plurality of original digital messages before they receive public key digital signatures and processing the resulting digital messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of that public key and of the corresponding secret signing key is substantially insufficient to substantially feasibly determine the correspondence between the elements of said processed digital message set and the elements of the corresponding said resulting digital message set, said apparatus for processing comprising:
- means for blinding by transforming at least part of each of a plurality of original digital messages responsive to first keys to produce corresponding blinded first digital messages, by each of plural supplier parties;
- means for receiving said first messages, by a signer party, and the signer party transforming at least two of said first messages, at least partially responsive to signing secret key information of said signer party, to produce second digital messages;
- means for providing the corresponding said second messages to at least two corresponding said supplier parties in exchange for a transfer of value from such corresponding supplier parties;
- means for receiving corresponding said second messages by said supplier parties and transforming the corresponding second messages with said first keys to produce corresponding unblinded third digital messages each having a digital signature property related to a corresponding one of said original messages thereby making it infeasible for the signer party to link said first messages with the third messages, without the first keys;
- means for receiving at least one of said third messages by a checker party and the checker party checking a public key digital signature property related to the corresponding said original messages; and
- means for maintaining a record depending on said previously checked third messages and preventing a signature related to the same such third messages from being accepted more than once, and for providing value in exchange for said signatures accepted.
Dependent claims: 36
41. Apparatus for processing original digital messages before they receive public key digital signatures and for processing the resulting messages after they have received the public key digital signatures where said processed digital messages are considered to be "blinded" and said resulting digital messages to be "unblinded" because, although the public key digital signatures of said resulting digital messages are checkable using a public key, even possession of the public key and of the corresponding secret signing key does not readily allow the correspondence between elements of said processed digital message set and elements of the corresponding said resulting digital message set to be determined, said apparatus for processing comprising:
- means for transforming at least part of a first input with a first blinding transformation depending on a first secret key to produce a first output;
- means for receiving said first output and transforming said first output with a second blinding transformation depending on a second secret key to produce a second output;
- means for receiving said second output and developing a third output at least partially responsive to the second output and to a secret signing key;
- means for receiving said third output and transforming the third output with a first unblinding transformation, depending on a first one of said first and second secret keys, to produce a fourth output; and
- means for transforming said fourth output with a second unblinding transformation, depending on the remaining one of said first and second secret keys, to produce a fifth output, and the fifth output retaining a digital signature property related to said first input, and said third and the fifth outputs being not readily linkable without the first and second secret keys.
Specification