Abstract: In this talk, I will present the first practical pairing-free blind signature schemes that achieve both concurrent security and short signatures. The unforgeability of our schemes is proved either in the generic group model (GGM) or in the algebraic group model (AGM) under the discrete logarithm assumption, and we also rely on the random-oracle model. Our schemes achieve perfect blindness. Unlike prior work, we do not rely on the hardness of the ROS problem (which can be solved in polynomial time) or the mROS problem (which is vulnerable to sub-exponential attacks). The only alternative with these properties is Abe's signature scheme (EUROCRYPT '02). It, however, produces longer signatures, is less efficient, and only achieves computational blindness. I will also provide an overview of the broader landscape of pairing-free blind signatures (and related primitives) and highlight both theoretical and practical challenges.
Based on joint work with Chenzhi Zhu (University of Washington), published at EUROCRYPT '22.
Suggested reading: ia.cr/2022/047
Security and Privacy: cryptography