ONE-OFF BLIND PUBLIC KEY
5. The properties of one-off blind public key protocol 1 One transform blind signature
For proofing A has the legal one-off blind public key, it needs the trusted entity’s signature on the generative factor of blind public key, then A can gen-erate the blind signature on the part of one-off blind public key based on the generative factor of blind public key, and B can verify it. In our scheme, this blind signature is different with the traditional blind signature [3, 4], only one transform is done, the message and the signature are transforming to another message and the corresponding signature at the same time, we call this blind signature as one transform blind signature. Its process is as follows:
(1) B signs on message gets the signature B sends to A.
(2) A transforms message to In the same time, A transforms the signature s to Now, A get the signature on
In this process, the trusted entity doesn’t know the final message that will be signed, and the final signature will be verified too, so it is one kind of blind signature. In this kind of blind signature, there are one important different from the traditional blind signature: In the traditional blind signature, A knows the final message that will be signed in advance, but in one transform blind
One-off Blind Public Key 135 signature, A doesn’t know the final message that will be signed in advance. In fact, in one-off blind public key, it signs on the part of the blind public key at the latest, the user’s blind public key is generated temporarily when it will be used, and the one-off blind public key is different every time.
5.2 The check on one-off blind public key
(1) B must check A has registered the trusted entity, and the one-off blind public key that A generated bases on the generative factor of blind public key that the trusted entity issues for A. It can be guaranteed through the blind signature on the part of the blind public key that is made by the trusted entity.
(2) B must check A has used the blind public key generative algorithm he promised and the one-off blind public key he published.
If A hasn’t used the blind public key generative algorithm he promised and the one-off blind public key he published, and B doesn’t check it. It means if A commits with one-off blind public key, no one including the trusted entity can reveal A’s identity. In general, the trusted entity won’t interfere the com-munication between A and B, so B must check it, and B can’t get any useful information from it.
5.3 The compose of one-off blind public key
From above analysis, we can get the conclusion: one-off blind public key is composed of five parts:
(1) the final public key used for signing or encrypting.
(2) the blind signature on the part of one-off blind public key that is made by the trusted entity.
(3) the blind factor for blind transform in one transform blind signature.
(4) the identifier of the blind public key generative algorithm.
(5) the identifier of the zero-knowledge proof for verifying the validity of one-off blind public key.
In our scheme, the blind public key generative algorithm and the identifier of the zero-knowledge proof for verifying the validity of one-off blind public key are specified by the trusted entity, this point isn’t presented directly in one-off blind public key. In fact, the trusted entity can specify more than one blind public key generative algorithm, every blind public key generative algorithm can correspond with one zero-knowledge proof protocol, and the user can select them when one-off blind public key is generated.
5.4 The functions and the rights of the trusted entity In our scheme, the functions of the trusted entity are as follows:
(1) Generate the generative factor of blind public key for every user.
(2) Reveal the user’s identity when he tries to cheat.
It is well known, the cooperation of B and the trusted entity can reveal one user’s identity in one communication, but can’t view other communications of this user, and it is more difficult to view one fixed user’s communication. This point can ensure the user can’t cheat with one-off blind public key, and the user’s communications have anonymity and disconnection. In our scheme, the trusted entity can forge one-off blind public key and its corresponding private key, but we don’t think the trusted entity will do it, otherwise it isn’t the trusted entity.
5.5 Comparison with group signature
(1) If treated the trusted entity as the group, only the member of the group can generate one-off blind public key.
(2) The receiver can verify the validity of one-off blind public key, but can’t discover the user’s identity.
(3) When the disputation occurs, the trusted entity can discover the user’s identity with the one-off blind public key.
However, the purpose of we generate off blind public key is to use one-off blind public key, and the using of one-one-off blind public key is to protect user’s privacy. The using of one-off blind public key is on behalf of the user, it is independent of the group. For the receivers, they need the trusted entity can ensure the validity of one-off blind public key and can discover the user’s identity when the user tries to cheat.
The definition and properties of one-off blind public key are proposed. The analysis of one-off blind public key and its protocol is done. A new scheme is presented, it can generate one-off blind public key based on RSA. In this scheme, when the one-off blind public key is used for encrypting, the session key based on public key is generated.
6. Conclusion
References
Boneh D, et.al. On the importance of checking cryptographic protocols for faults. Euro-crypt’97, 1997.
Chaum D, H. E. V., Group signature. Eurocrypt’91, 1991.
D, Chaum, Blind signatures for untraceable payments. Crypto’82, 1982.
D, Chaum, Security without identification: Transaction systems to make big brother obso-lete. Commun. of ACM, 28, 1985.
Gennaro R,et al., Rsa-based undeniable signatures, Journal of Cryptology. 13(4), 2000.
Zhang Giupu, G. B., One-off blind public key based on id. ACTA ELECTRONICA SINICA, No.5, 2003.