@blockswaplab/blind-signer v2.0.4

Restrictive Partially Blind Signatures

Restrictive partially blind signatures are signatures meant to enable a restrictive and partially blind signing.

Restrictive: Once the message contents are agreed upon we cannot change the contents anymore

Partially-Blind: Message being signed-over consists of a public part (info) and a private part (message) which enables the signer to hand out a signature over the half-revealed content

At a high-level the scheme goes as follows:

Round 1: Recipient

Recipient prepares visible information info and hidden information message and sends it over to the signer

Round 2: Signer

Signer receives the message and info, computes a commitment x and sends it over to the recipient

Round 3: Recipient

Recipient computes a challenge c given the commitment x and sends the challenge c to the signer

Round 4: Signer

Signer solves the challenge c and sends the solution s back to the recipient

Round 5: Recipient

Recipient combines the challenge c and solution s and derives a signature p

This scheme demonstrates the whole process of generating RPBS signatures:

RPBS Functions

commitToSignature(message, info)

Commit to the signature given the information packet containing private and public part of the message

Input:

• message - Elliptic curve point representing message
• info - Public part of information

Output:

• { z1, a1, b1, a2 } - Set of constants encoding the commitment

computeChallenge(commitment, messagePoint, info, publicKey)

Compute the challenge for round2 given the signature commitment

Input:

• commitment - Commitment from the function commitToSignature
• messagePoint - Message encoded on the elliptic curve point
• info - Public part of information
• publicKey - Public key of the signer

Output:

• { c } - the challenge

solveChallenge(challenge)

Solve the challenge provided by the recipient

Input:

• challenge - Challenge from the function computeChallenge

Output:

• { c1, s1, c2, s2 } - Set of constants encoding challenge solution

unblindSignature(challenge, challengeSolution, commitment, publicKey, message, info)

Unblind the signature provided the data from previous rounds

• challenge - Challenge computed in the function computeChallenge
• challengeSolution - Solution from the function solveChallenge
• commitment - Commitment to the signature from function commitToSignature
• publicKey - Public key of the signer
• message - Hash of the message (private part)
• info - Public part of the message

Output:

• { z1Hat, c1Hat, s1Hat, c2Hat, s2Hat, m1Hat } - Set of constants encoding unblinded signature with the message m1Hat

verifySignature(publicKey, info, signature)

Verify the signature unblinded in the function unblindSignature

Input:

• publicKey - Public key of the signer
• info - Public part of the message
• signature - Signature unblinded in unblindSignature (contains m1Hat)

Output:

• true / false - Signature validity