Plan B Network Developer Path

Plan B Network Developer Path

Blind Signatures Cryptography

3 min read

Blind Signatures Cryptography

← Return to Index

TL;DR

Blind Signatures are the “carbon paper” of cryptography. They allow a mint to sign a token without seeing its serial number, ensuring absolute privacy for the user while preventing double-spending.

Blind signatures are the foundational cryptographic primitive behind Chaumian eCash. They allow a party (the mint) to sign a message without ever actually seeing the contents of that message.

The Carbon Paper Analogy

Imagine slipping a blank piece of paper into an envelope lined with carbon copy paper on the inside. You hand the sealed envelope to a banker. The banker signs the outside of the envelope with a pen. Because of the carbon paper, the signature transfers through the envelope onto the document inside. When the envelope is returned to you, you open it and extract the signed document. The banker’s valid signature is on it, yet the banker never saw what the document was.

The Cryptographic Process (The Math)

In the context of Cashu and eCash, the “document” is a random token generated by the user, and the “signature” represents a specific denomination of Satoshi.

1. Preparation by the Mint

The mint generates different Long-Term Public Keys (K) for each supported denomination (e.g., 1 sat, 2 sats, 4 sats, 8 sats).

  • K = k * G (where k is the private key and G is the secp256k1 generator point).

2. Blinding (The User)

Alice wants to create an eCash token. She generates a random secret x (this will be the token’s serial number).

  1. Hash-to-Curve: She applies a one-way hash to x to map it onto the secp256k1 curve, resulting in the point Y.
  2. Blinding: She generates a random blinding factor r and blinds Y to create a blinded message B'.
    • B' = Y + r * G
  3. Alice sends B' to the Mint.

3. Signing (The Mint)

The mint receives B' and signs it by multiplying it by its private key k.

  • C' = k * B' The mint sends this blind signature C' back to Alice. The mint does not know the value of Y or x.

4. Unblinding (The User)

Alice receives C' and removes her blinding factor r using the Mint’s public key K.

  • C = C' - r * K Alice now possesses a valid signature C from the mint on her original hashed secret Y.
  • This combination of (x, C) is the eCash token.

5. Verification (Double-Spend Check)

When Alice pays Bob, Bob takes the token (x, C) to the mint.

  1. The mint checks the math: does C genuinely equal k * Y? If so, the signature is mathematically valid.
  2. The mint checks its database: has the secret x been seen before?
    • If no, the mint honors the token. It records x as spent, and issues a completely new, blind signature token to Bob.

Importance

This simple spatial transformation—moving the data into a “blinded space,” signing it there, and transferring it back to the “visible space”—decouples the issuance of funds from the spending of funds, creating an untraceable privacy system.

Graph View

Backlinks