[cryptography] enabling blind signatures in GPG

Jake jake at spaz.org
Thu Aug 22 18:37:46 EDT 2013

Hi Jim and Alex,

Thanks for your help.  I am pretty overwhelmed by this stuff because I am 
not a cryptographer (although I am a coder) but I am very determined to do 
this.  So I am in over my head, but I have to keep going.

My main focus is to be able to implement blinding for signatures using 
an OpenPGP implementation (something open-source, which means GnuPG)

But when I say "signature" I DON'T mean the type of signature you do when 
you sign someone's public key.  I mean like when you sign a textfile or a 
binary blob.  As for revocation, I plan to have the CR (central registrar) 
"sign" people's pubkeys using a key set to expire 12 months hence.  So 
there will be twelve pubkeys in use by the CR at any given time.

If someone loses their private key and is concerned that someone is using 
it to "vote" in their name, they can simply post a revocation signed with 
their pubkey (and accompanied by their endorsement) saying "revoked" and 
anyone doing a tally of signed screeds will blacklist their pubkey.  But 
they won't be able to participate in the system until 12 months after 
their last signing by the CR, because their realname is crossed off the 
list for that time.  The CR only tracks realnames, not pubkeys.

But to enforce anonymity from an evil CR, the voter will "blind" their 
pubkey into an unreadable blob before having the CR put a signature around 
it.  The CR will do this with RSA with no padding, so that the voter can 
take the result and "unblind" it into what looks like a signature of their 
pubkey (even though the CR never saw their pubkey).  Apologies if this is 
already obvious to you.

My highest priority is making this system understandable by as many people 
as possible, which will be a huge challenge.  Eventually there will be an 
iPhone app and a JavaScript page (I know) and people will be able to use 
it no matter how simple they are.  So I definitely need to start with 
something I personally can understand.

Another very important feature of this system is that there is only one 
point of centralization:  the central registrar (CR).  Their job is to see 
the person's credentials (an ID or proof of residence or whatever proves 
they are a member of the set in question), sign (with unpadded RSA) 
whatever the person presents, and record the date and fact of this signing 
in a publicly accessible record.  And publish their pubkeys (one for each 
month, each expiring 12 months hence).

All other aspects of the system are decentralized.  Each enrolled person 
can post their opinions signed with their (signed) pubkey anywhere on the 
net they want.  Anyone can crawl and tally these opinions, and verify all 
signatures independently, traceable to the CR's pubkeys.

The point of this is to make it so that a population (whether defined by a 
geographical area, or a voting district, or a cultural enclave, 
neighborhood, bolo, or entire nation) can choose a central registrar 
(trusted with a simple and mostly verifiable task) to enable an unmediated 
discussion between members.  If members stick to a machine-parseable 
format (copy tweet-length statements that they agree with, and are or will 
be trending), it will be possible for anyone to take a snapshot of 
opinion, guaranteeing accuracy of sentiment and one-person one-vote.

I have everything figured out except the blinding.  I am glad to give more 
detail to anyone interested but I can't do anything until I get blinding 
working because it's essential to the anonymity of participants.

Thank you for any help you can give,
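
The blind-signing exchange described in the post (voter blinds their pubkey, CR signs the blob with unpadded RSA, voter unblinds, anyone verifies against the CR's pubkey), as an added worked example in Python that is not part of this post or of GnuPG. The toy key built from two Mersenne primes, the SHA-256 mapping of the pubkey blob to an integer, and all function names are my own assumptions.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the central registrar (CR). The two Mersenne primes are
# constructed for illustration only; a real CR key would be 2048+ bits.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # CR's private exponent, never leaves the CR

def message_int(pubkey_blob: bytes) -> int:
    """Map the voter's pubkey to an integer < N (hash, reduced mod N).
    With a real key size this would be a full-domain hash sized to N."""
    return int.from_bytes(hashlib.sha256(pubkey_blob).digest(), "big") % N

def blind(m: int):
    """Voter side: pick a random r coprime to N and hide m as m * r^e mod N.
    Returns (blinded value shown to the CR, r kept secret by the voter)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def cr_raw_sign(blinded: int) -> int:
    """CR side: raw (unpadded) RSA on a blob it cannot read. Because this
    key signs whatever is presented, it must be used for nothing else."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Voter side: divide out r, leaving sig = m^d mod N."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(pubkey_blob: bytes, sig: int) -> bool:
    """Anyone: sig^e must equal H(pubkey) mod N under the CR's pubkey (N, E)."""
    return pow(sig, E, N) == message_int(pubkey_blob)

def enrol(pubkey_blob: bytes):
    """Whole exchange; returns (what the CR saw, final signature, verifies?)."""
    m = message_int(pubkey_blob)
    blinded, r = blind(m)
    sig = unblind(cr_raw_sign(blinded), r)
    return blinded, sig, verify(pubkey_blob, sig)

if __name__ == "__main__":
    seen, sig, ok = enrol(b"constructed voter pubkey blob")
    print(f"CR saw {seen}\nunblinded signature verifies: {ok}")
```

The value the CR sees differs from the hashed pubkey on every enrolment because r is fresh, which is what keeps the CR from linking a signed pubkey back to the realname it checked.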

