Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
8 CHAPTER 1. INTRODUCTION<br />
And, a perfect signature scheme with message recovery is represented by<br />
the following equation<br />
1.2.6 Blind signature<br />
ver(sig(x, Sk(y)), P k(y)) = x<br />
Blind signature schemes, initially introduced by D. Chaum [61], is a form <strong>of</strong> digital<br />
signature schemes in which the content <strong>of</strong> a message is blinded (disguised) before<br />
it is signed. The resulting blind signature can be publicly verified against<br />
the original, unblinded message in the manner <strong>of</strong> a regular digital signature.<br />
Blind signatures are typically employed in privacy-related protocols where the<br />
signer <strong>and</strong> message author are different parties; examples include electronic<br />
voting systems [115] <strong>and</strong> digital cash schemes.<br />
The blind signature schemes are described by the following algorithms:<br />
• the signature generation “sig”, the verification “ver”, <strong>and</strong> the key generation<br />
“G” algorithms which are defined as for the traditional digital signature<br />
schemes given in Section 1.2.5.<br />
• The blind “Bl”<strong>and</strong> unblind “Ubl” algorithms defined as follows:<br />
Blind algorithm takes as input a message “m” <strong>and</strong> a r<strong>and</strong>om selected value<br />
“r”, <strong>and</strong> returns the blinded value <strong>of</strong> “m” with respect to “r”.<br />
Unblind algorithm takes as input a blinded message “b” <strong>and</strong> a r<strong>and</strong>om selected<br />
value “r”, <strong>and</strong> outputs the original (unblinded) message provided<br />
that “b” has been constructed using “r” as r<strong>and</strong>om selected<br />
value.<br />
The blind signature schemes have the following algebraic properties:<br />
ver(sig(x, Sk(y)), P k(y)) = x, (or, ver(x, sig(x, Sk(y)), P k(y)) = 1)<br />
Ubl(Bl(x, y), y) = x<br />
Ubl(sig(Bl(x, y), Sk(z)), y) = sig(x, Sk(z))<br />
1.2.7 Hash function<br />
A cryptographic hash function is a deterministic procedure that takes an arbitrary<br />
block <strong>of</strong> data <strong>and</strong> returns a fixed-size bit string. <strong>Cryptographic</strong> hash<br />
functions have many information security applications, notably in digital signatures,<br />
message authentication codes (MACs), <strong>and</strong> other forms <strong>of</strong> authentication.<br />
Hash functions may have some <strong>of</strong> the following properties: