 |
 |
|
On the (im)possibility of blind message authentication codes Ref:
Michel Abdalla, Chanathip Namprempre
and Gregory Neven. In D. Pointcheval, editor, Topics in
Cryptology - CT-RSA 2006, volume 3860 of Lecture Notes in Computer
Science, pages 262-279. Springer-Verlag, 2006. Abstract:
Blind
signatures allow a signer to digitally sign a document without being
able to glean any information about the document. In this paper, we
investigate the symmetric analog of blind signatures, namely blind message
authentication codes (blind MACs). One may hope to get the same efficiency
gain from blind MAC constructions as is usually obtained when moving
from asymmetric to symmetric cryptosystems. Our main result is a negative
one however: we show that the natural symmetric analogs of the unforgeability
and blindness requirements cannot be simultaneously satisfied. Faced
with this impossibility, we show that blind MACs do exist (under the
one-more RSA assumption in the random oracle model) in a more restrictive
setting where users can share common state information. Our construction,
however, is only meant to demonstrate the existence; it uses an underlying
blind signature scheme, and hence does not achieve the desired performance
benefits. The construction of an efficient blind MAC scheme in this
restrictive setting is left as an open problem.
Postscript
|
