What is a blind signature?

A blind signature is a form of a digital signature in which the content of the message is hidden (blinded) before it is signed. With this technique, the signer will not have access to the contents of the message they are signing. This provides anonymity and unlinkability to the person who made that message. This technique is normally used when the author and the signer are different parties. To better understand blind signatures, it is better to go over some concepts of digital signatures first.

What is a digital signature?

A digital signature is a cryptographic technique used to verify the identity of the person sending the message. This technique uses asymmetric cryptographyIt is an encryption technique that uses a pair of keys to encrypt and decrypt data. Each pair of keys contain a public key and a private key, and both are used as inverses of each other. e.g., if a message is encrypted using a public key, then it can only be decrypted using the private key and vice versa. to verify the identity of the person. The working of a digital signature is explained in the example below:

• Alice has a message $m$that she wants to sign and send to Bob.

• She computes the hash of the message $m$ and encrypts the hash with her private keyA key, only known to Alice, which can be used to encrypt/decrypt data. . This encrypted hash is also known as the digital signature.

• Alice appends the signature (encrypted hash) $s$with the message $m$and sends it to Bob.

• Bob computes the hash of the message $m.$

• Then he decrypts the digital signature with Alice's public keyA key that is publicly available and can be used to encrypt/decrypt messages to/from Alice. and compares it with the hash of the message he computed in step 5.

• If both the hashes are equal, then it can be confirmed that Alice sent the message and the message was not corrupted on the network.

Note: Read more about digital signatures here.

How do blind signatures work?

In a blind signature, the message's contents are blinded by the sender. Therefore, the signer does not have access to the contents of the message. Later the message can be unblinded by the sender so that the signature remains on the unblinded message. The simplest example of a blinded signature is a blind RSA signature, which can be done in the following steps:

• Alice generates a message $m$ that she wants to send to Bob with a bank's signature, and she doesn't want the bank to know the message's contents.

• Alice multiplies the message with a blinding factor $r^e (mod N)$, where r is a random number that is relatively prime to $N$(meaning the greatest common divisor of $r$and$N$is equal to $1$),$e$is the exponent of the bank's public key and$N$is the modulo of the bank's public key. The message after multiplying with the blinding factor is:

• Alice sends this blinded message to the bank (signing authority).

• The bank then generates an RSA signature $s^\prime$ for the blinded message $m^\prime$by raising it to the bank's secret exponent $d$ and taking a modulus with the bank's public exponent $N.$

• Bank sends this signature on the blinded message$s^\prime$to Alice.

• Alice then removes the blinding factor from$s^\prime$to reveal the unblinded signature$s$ by multiplying it with $r^{-1} (mod N).$

The detailed working of the equation above is as follows:

Where $r^{ed} \equiv r (mod N)$is a property that all RSA keys satisfy.

• Alice then sends this unblinded signature $s$to Bob.

• Bob then uses the bank's public key to decrypt the signature$s,$thus verifying that this message was signed by the bank's private key (which is only accessible to the bank).