RUS  ENG
Full version
JOURNALS // Matematicheskie Voprosy Kriptografii [Mathematical Aspects of Cryptography] // Archive

Mat. Vopr. Kriptogr., 2023 Volume 14, Issue 2, Pages 25–42 (Mi mvk436)

This article is cited in 1 paper

On the (im)possibility of secure ElGamal blind signatures

L. R. Akhmetzyanova, E. K. Alekseev, A. A. Babueva, S. V. Smyshlyaev

CryptoPro LLC, Moscow

Abstract: In the current paper we investigate the possibility of designing secure blind signature scheme based on ElGamal signature equation. We define the generalized construction and analyze its security. We consider two types of schemes with the proposed construction, that cover all existing schemes. For schemes of the first type we provide generic ROS-style attack that violates unforgeability in the parallel setting. For schemes of the second type we prove that they do not provide either blindness, or unforgeability. As the result, we prove that all known ElGamal blind signature schemes are not secure. Moreover, these results show that the existence of secure ElGamal blind signature scheme is potentially possible only for small set of signature equations and requires the non-standard way of generating the first component of the signature.

Key words: ElGamal signature scheme, blind signature scheme, ROS attack.

UDC: 519.719.2

Received 02.IX.2022

Language: English

DOI: 10.4213/mvk436



© Steklov Math. Inst. of RAS, 2024