Existing blind signature schemes that are secure for poly- nomially many concurrent executions of the signing protocol are either inefficient or rely on non-standard assumptions (even in the random-oracle model). We show the first efficient blind signature schemes achieving this level of security based on the RSA, factoring, or discrete-logarithm assumptions (in the random-oracle model). Our core technique involves an extension and generalization of a transform due to Pointcheval (Eurocrypt ’98) that allows us to boost the number of signatures supported by a certain class of blind signature schemes.
2021-12
2024-09-06