Blind signatures with libgcrypt
Jan Svensson <jan.svensson <at> hush.com>
2015-04-08 21:07:32 GMT
I'm working on a project where I'm thinking of creating three small programs in e.g. the C language that all would use Libgcrypt if possible:
* a program "generate_blinding_factor" that generates a blinding factor "b".
* a program "blind" that takes a short text message in clear text and a blinding factor "b" as input parameters and gives as output the message in blinded format.
* a program "unblind" that takes a signed blinded message and a blinding factor "b" as input parameters and unblinds the message to get the output of the signed message in clear text.
Course of events:
1. the user would use "generate_blinding_factor" to generate a blinding factor "b"
2. the user would use "blind" with parameters "message" and "b" to blind the clear text message.
3. the user would send the blinded message to the signer.
4. the signer would sign the blinded message with e.g. "gpg --output blinded_message.sig --sign blinded_message" while not being able to see the clear text of the message he/she signs.
5. the signer would send the signed blinded message back to the user.
6. the user would use "unblind" with parameters "signed blinded message" and "b" to unblind the message and get the clear text message signed by the signer.
7. the user would later (at the same time as other users) anonymously send the signed message to the signer.
We can assume that the signer keeps the blinded message he/she received in step 3 above so when the signer in step 7 gets to see the unblinded message in clear text, now also with the signer's signature, then the signer cannot link those two messages to each other, i.e. sign(blind(message,b),d) and sign(message,d) cannot be linked.
Would it be possible to do the above with Libgcrypt and RSA? I've read in
http://www.gnupg.org/documentation/manuals/gcrypt/gcrypt.pdf that Libgcrypt uses blinding for
RSA decryption. It would be really nice if it was possible to use Libgcrypt in this project since I suppose
it would be much more complicated for me to try to fetch the relevant code from Libgcrypt and then try to
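
The course of events above carried through with textbook RSA, as an added Python example that is not part of the original post and does not use Libgcrypt. It assumes the signer applies the raw RSA private-key operation to the blinded value (`gpg --sign` hashes and pads its input before the RSA step, so it does not compute this). The demo key, the SHA-512 message encoding and the helper names `encode`, `sign_raw`, `verify` and `demo` are constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key built from two Mersenne primes so the example runs offline.
# Not a usable key; a real signer holds an ordinary RSA key pair (n, e, d).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # signer's private exponent d

def encode(message: bytes) -> int:
    # Assumed simplified encoding: the SHA-512 digest as an integer (always < N here).
    return int.from_bytes(hashlib.sha512(message).digest(), "big")

def generate_blinding_factor() -> int:
    # Step 1: random b that is invertible modulo n.
    while True:
        b = secrets.randbelow(N - 2) + 2
        if gcd(b, N) == 1:
            return b

def blind(message: bytes, b: int) -> int:
    # Step 2: m' = m * b^e mod n; the signer only ever sees m'.
    return (encode(message) * pow(b, E, N)) % N

def sign_raw(x: int) -> int:
    # Step 4 (signer): raw RSA private-key operation, x^d mod n.
    return pow(x, D, N)

def unblind(blinded_sig: int, b: int) -> int:
    # Step 6: s = s' * b^-1 mod n, because (m * b^e)^d = m^d * b mod n.
    return (blinded_sig * pow(b, -1, N)) % N

def verify(message: bytes, sig: int) -> bool:
    # Step 7: anyone holding (n, e) checks s^e mod n == m.
    return pow(sig, E, N) == encode(message)

def demo():
    msg = b"short text message"          # constructed sample input
    b = generate_blinding_factor()
    blinded = blind(msg, b)              # sent to the signer (step 3)
    blinded_sig = sign_raw(blinded)      # returned by the signer (step 5)
    sig = unblind(blinded_sig, b)        # signature on the clear text message
    return msg, blinded, blinded_sig, sig

if __name__ == "__main__":
    m, _, _, s = demo()
    print("signature verifies:", verify(m, s))
```

The signer's stored values from steps 3 and 5 differ from the pair seen in step 7 by the factors b^e and b, which only the user knows.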