One-show blind signature systems

US 4,987,593 A
Filed: 04/05/1990
Issued: 01/22/1991
Est. Priority Date: 03/16/1988
Status: Expired due to Term

First Claim

Patent Images

1. In a public-key digital signature system, the improvement comprising the steps of:

issuing digital signatures by an issuing party and the issuing party ensuring that with substantial probability each of the issued signatures contains identifying information;

showing at least one of said issued signatures to at least one checking party to allow the checking party to verify the digital signature property of the signatures shown while substantially concealing, from even cooperation of every checking party and said signature issuing party, the identifying information contained in signatures shown at most once; and

testing said shown signatures to yield with substantial probability said identifying information contained in signatures shown more than once.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Numbers standing for cash money can be spent only one time each, otherwise the account from which they were withdrawn would be revealed. More generally, a technique for issuing and showing blind digital signatures ensures that if they are shown responsive to different challenges, then certain information their signer ensures they contain will be revealed and can be recovered efficiently. Some embodiments allow the signatures to be unconditionally untraceable if shown no more than once. Extensions allow values to be encoded in the signatures when they are shown, and for change on unshown value to be obtained in a form that is aggregated and untraceable.

Citations

13 Claims

1. In a public-key digital signature system, the improvement comprising the steps of:
- issuing digital signatures by an issuing party and the issuing party ensuring that with substantial probability each of the issued signatures contains identifying information;
  
  showing at least one of said issued signatures to at least one checking party to allow the checking party to verify the digital signature property of the signatures shown while substantially concealing, from even cooperation of every checking party and said signature issuing party, the identifying information contained in signatures shown at most once; and
  
  testing said shown signatures to yield with substantial probability said identifying information contained in signatures shown more than once.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said identifying information is divided between at least two parts included in each of said signatures issued;
    - at least one of said parts is revealed during said showing and checking of said signatures; and
      
      said testing yields the identifying information contained in the parts of said signatures that are revealed by the signatures being shown more than once.
  - 3. The method of claim 1, wherein the step of showing said signatures includes the transmission of a challenge by said checking party to the party showing the signature and subsequent transmission of a corresponding response value by the showing party to the checking party, where the distinct responses to multiple distinct challenges result in response values that reveal said identifying information but where a single response value does not reveal the identifying information.
  - 4. The method of claim 1, further comprising the steps of:
    - choosing first values of arguments by a party to whom a first signature is issued, the signature containing first identifying information, and the party using the first argument values to influence the signature issued; and
      
      cooperation of said issuing and showing steps to allow substantially any single showing corresponding to said first issuing and first values of said arguments to also correspond to a distinct second issuing having distinct second identifying information for some second values of said arguments.
  - 5. The method of claim 1, wherein each of said plural signatures is issued in one of plural issuing transactions and said identifying information included in each signature determines a proper subset of issuing transactions that with substantial probability includes the transaction in which that signature was issued.
  - 6. The method as in claims 1, 2, 3, 4 or 5, wherein said issued signatures are shown in exchange for value.
  - 7. The method of claim 6, further comprising the steps of:
    - providing amount indications, by a party to whom a signature is issued, to determine an amount of payment;
      
      providing refund indications, by said party to whom a signature is issued, to determine an amount of refund; and
      
      processing to recognize any of said refund indications for which said amount of payment plus said amount of refund exceeds a pre-arranged maximum.
  - 8. The method of claim 7, wherein said amount of refund is substantially aggregated over a plurality of said amounts of payment thereby concealing the linking between said payment indications and said refund indications that would be provided if each of the amounts of refund were to correspond to particular amounts of payment.

9. In a public-key digital signature system, the improvement comprising:
- a. digital signatures having identifying information;
  
  b. means for checking said signatures when shown and means for substantially concealing said identifying information in said signatures shown once; and
  
  c. signature testing means for yielding with substantial probability said identifying information in said signatures shown more than once.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The signature system of claim 9, wherein said identifying information is divided into at least two parts, at least one of said parts is revealed when said signature is shown and said testing means yields said identifying information from the parts revealed when said signature is shown more than once.
  - 11. The signature system of claim 9 further comprising:
    - d. means for transmitting a challenge of said signature being shown, ande. means for transmitting a response to said challenge which reveals said identifying information only when more than one of said challenges is transmitted.
  - 12. The signature system of claim 9, wherein each of said signatures is issued in one of a plurality of issuing transactions, and said identifying information included in each signature determines a proper subset of issuing transactions that with substantial probability includes the transaction in which that signature was issued.
  - 13. In the signature system as in any one of claims 9 to 12, said signature is a form of payment for value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Van Detsan Networks LLC (Intellectual Ventures LLC)
Original Assignee
David Chaum
Inventors
Chaum, David
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US07/504,878
Time in Patent Office

292 Days
Field of Search

380/25, 380/30, 380/3
US Class Current

705/69
CPC Class Codes

G06Q 20/06   Private payment circuits, e...

G06Q 20/3678   e-cash details, e.g. blinde...

G06Q 20/3825   Use of electronic signatures

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3257   using blind signatures

H04L 9/3271   using challenge-response

One-show blind signature systems

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

One-show blind signature systems

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links