Bitcoin Forum
June 26, 2019, 05:14:11 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Does Bitcoin Script Support Verify Blind Signature?  (Read 100 times)
Staizita
Newbie
*
Offline Offline

Activity: 13
Merit: 4


View Profile
April 18, 2019, 02:27:26 PM
Merited by ETFbitcoin (1)
 #1

 Had anyone read this paper?  Paper Link: https://eprint.iacr.org/2016/056.pdf

     In this paper, what script is used to verify the blind sign?  I didn't understand.
     In the seventh page of this paper, the transaction Tf needs to meet two conditions.
Code:
1. T[sub]f[/sub] is signed by I and contains a valid blind signature /theta on sn(overlines), or
2. T[sub]f[/sub] is signed by A and the time window tw has expired.
    I know that Condition 2 uses OP_EQUALVERIFY OP_CHECKSIG and timelock to achieve.
     But how is Condition 1  implemented?  
     Can someone teach me?

    
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
Bitcoin Poker 3.0
The Largest Bitcoin Poker Site
Bad Beat Jackpot Available
No Limit Texas Hold'em Cash Games And Tournaments
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
1561569251
Hero Member
*
Offline Offline

Posts: 1561569251

View Profile Personal Message (Offline)

Ignore
1561569251
Reply with quote  #2

1561569251
Report to moderator
aliashraf
Hero Member
*****
Offline Offline

Activity: 812
Merit: 627


View Profile
April 18, 2019, 08:40:25 PM
Last edit: April 18, 2019, 09:13:25 PM by aliashraf
Merited by ETFbitcoin (1), Heisenberg_Hunter (1)
 #2

I think there is a deep misunderstanding here:

Blind signatures are not about verification phase but about signing phase :

Alice has a message m and wants Bob to sign it blindly. i.e without disclosing m or leaking any information about it. Alice needs e= s(m,pb) where s is the asymmetric encryption algorithm used (ECDSA 256k1 for bitcoin) and pb is Bob's private key. The problem would be Bob generating e without becoming aware of original message m where he doesn't want to disclose his private key to Alice as well.

1- Alice first calcualtes m' = f(m) where f is a one way special function such that e(f(x), p) = e(x,p). Function f is a homomorphism but is not reversible.

2- Alice sends m' to Bob and he signs it by generating e= s(m',pb). Bob has no clue about the actual message m being signed here.

3- Alice receives e from Bob and relays it to designated verifiers along with m (the original message) just like a normal signed message.

4- Verifiers check the signature e against Bob's public key and m without being aware of the blinding process at all and they will succeed because e= s(f(m),pb) = s(m,pb) according to the basic property of function f.

Blind signatures have various applications and as you may have already figured out, employing them in bitcoin is an application side issue and has nothing to do with full nodes and verifcation process.

For bitcoin ECDSA 256k1 encryption algorithm various blinding functions (f) has been proposed for instance: https://eprint.iacr.org/2018/660.pdf

I've no further information about the extents this technique is used in bitcoin ecosystem but the point is bitcoin nodes and their script processing engine are absolutely neutral in this regard and don't need to improve for supporting it.

Staizita
Newbie
*
Offline Offline

Activity: 13
Merit: 4


View Profile
April 19, 2019, 02:42:32 AM
 #3


Blind signatures have various applications and as you may have already figured out, employing them in bitcoin is an application side issue and has nothing to do with full nodes and verifcation process.

For bitcoin ECDSA 256k1 encryption algorithm various blinding functions (f) has been proposed for instance: https://eprint.iacr.org/2018/660.pdf

I've no further information about the extents this technique is used in bitcoin ecosystem but the point is bitcoin nodes and their script processing engine are absolutely neutral in this regard and don't need to improve for supporting it.



Ok , Thanks!

Does Group signature schemes that are compatible with the Elliptic Curve Digital Signature Algorithm (ECDSA)existing?

Are there  papers about Group signature schemes are compatible with ECDSA?
 
ETFbitcoin
Legendary
*
Offline Offline

Activity: 1680
Merit: 1813

Use SegWit and enjoy lower fees.


View Profile WWW
April 19, 2019, 04:51:35 PM
 #4

A bit off-topic, if you're looking cryptography where you can verify a signature without revealing the message, you should look for Zero-knowledge proof Cryptography.
There are few Cryptocurrency which uses it such as Monero and ZCash.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!