Privacy Illusion: Subliminal Channels in Schnorr-like Blind-Signature Schemes

Bibliographic Details
Main Authors: Mirosław Kutyłowski, Oliwer Sobolewski
Format: Article
Language: English
Published: MDPI AG, 2025-03-01
Series: Applied Sciences
Online Access: https://www.mdpi.com/2076-3417/15/5/2864
Description
Summary: Blind signatures are one of the key techniques of Privacy-Enhancing Technologies (PETs). They appear as a component of many schemes, including, in particular, the Privacy Pass technology. Blind-signature schemes provide provable privacy: the signer cannot derive any information about a message signed at the user's request. Unfortunately, in practice, this might be just an illusion. We consider a novel but realistic threat model in which the user does not participate in the protocol directly but instead uses a provided black-box device. We then show that the black-box device may be implemented in such a way that, despite a provably secure unblinding procedure, a malicious signer can link the signing protocol transcript with the resulting unblinded signature. Additionally, we show how to transmit any short covert message between the black-box device and the signer. We prove the stealthiness of these attacks in the anamorphic cryptography model, where the attack cannot be detected even if all private keys are given to an auditor. At the same time, an auditor will not detect any irregular behavior even if the secret keys of the signer and the device are revealed for audit purposes (anamorphic cryptography model). We analyze the following schemes: (1) Schnorr blind signatures, (2) Tessaro–Zhu blind signatures, and their extensions. We provide a watchdog countermeasure and conclude that similar solutions are necessary in practical implementations to defer most of the threats.
ISSN: 2076-3417