News

2022-2: Adding Schnorr's Blind Signatures to Taler

Gian Demarmels and Lucien Heuzeveldt have finished their Bachelor's thesis which adds a second blind signature scheme to GNU Taler.

Introduction video

Abstract

The goal of this thesis is to improve Taler’s performance and provide cipher agility by adding support for Schnorr’s blind signatures. To achieve this goal, the current state in research for Schnorr signatures needs to be analyzed. After choosing a signature scheme, it has to be integrated into the Taler protocols. Besides implementing the redesigned protocols in Taler, an implementation of the cryptographic routines is needed. The paper ”Blind Schnorr Signatures and Signed ElGamal Encryption in the Algebraic Group Model” from 2019 (updated in 2021) introducing Clause Blind Schnorr Signatures is used as theoretical basis for our improvements. The paper explains why simple Blind Schnorr Signatures are broken and how the Clause Schnorr Blind Signature scheme is secured against this attack.

Compared to the currently used RSA Blind Signatures, the new scheme has an additional request, two blinding factors instead of one and many calculations are done twice to prevent attacks.

The Taler protocols were redesigned to support the Clause Blind Schnorr Signature scheme, including slight alterations to ensure abort-idempotency, and then further specified. Before starting with the implementation of the redesigned protocols, the cryptographic routines for Clause Blind Schnorr Signatures were implemented as part of the thesis. All of the implemented code is tested and benchmarks are added for the cryptographic routines.

Multiple results were achieved during this thesis: The redesigned protocols Taler protocols with support for Clause Blind Schnorr Signatures, the implementation of the cryptographic routines, the implementation of Talers core protocols and a detailed comparison between RSA Blind Signatures and Clause Blind Schnorr Signatures. Overall, the Clause Blind Schnorr Signatures are significantly faster, require less disk space, and bandwidth and provide cipher agility for Taler.

Supplemental material