[cryptography] enabling blind signatures in GPG
steveweis at gmail.com
Sun Aug 18 15:35:57 EDT 2013
Hi Jake. This is not GPG-related, but I worked on an OpenID-based private
federated login system called PseudoID that used blind signatures.
Basically, an identity provider will check your real identity, then issue
you a blindly-signed token which you can then later use to log in
pseudo-anonymously to an OpenID consumer. The consumer and provider can't
latter correlate your real identity with that login.
This was a summer project from an intern at the time and should be
considered a proof-of-concept. It does the unblinding crypto in
Here's the paper:
Here's the source:
Here's a demo video:
Here's a site that was the private ID provider demo:
Here was the blind-signer demo, which is broken since we accidentally let
the pseudoid.net domain lapse:
On Sun, Aug 18, 2013 at 1:08 AM, Jake <jake at spaz.org> wrote:
> Hello everybody,
> I am trying to form an anonymous opining sytem based on a single
> Registrar, whose signatures deify users' public keys with the mark of a
> Participant. But to protect the users from an evil registrar, blinding
> must be used.
> I have been told that blinding is already implemented internally to deter
> timing-based attacks, so this would be a matter of implementing a
> command-line option to blind a blob and save the blinding salts.
> I am not a cryptographer so I can only repeat what i've heard on this.
> Basically, a Participant generates a key pair (only for use in opining,
> not with their real identity) and wants to be able to prove, in public
> signed cleartext postings, that their public key has been signed by the
> Registar as an endorsement of Participation. But they don't want the
> Registrar to see their public key and correlate it with their real identity
> (their proof of eligibility for participation) because that would
> compromise their anonymity.
> So the Participant "blinds" their public key, presents that blob to the
> Registrar (along with their real identity) and receives the Registrar's
> signature of the blob. Then they take the blob home, and unblind it,
> revealing a perfect Registrar's signature of their public key.
> Please write if you can help me make this happen. I believe that the
> system i'm trying to create could have a very positive effect on democracy
> in the world, and hopefully make politicians into simple clerks whose job
> is simply to count the opinions and follow the will of the people.
> take care,
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography