Supporting interactive blind signature scheme
I did a study on implementing a blind signature scheme. https://codeberg.org/iacore/blind-signature
The only implementation so far is inside libgnunet and it's dubious. At least I can't understand it.
The best and most mature algorithm is Raichoo, using any pairing-friendly curve family, with 2 curve points as the public key.
A "good" curve is BLS12-461. However, no constant time implementation exists for it. Not for BLS12-(any).
There are also signature schemes using Edwards-25519, but the algorithm is more complicated than using pairing-friendly curves.
Why blind signature?
Anonymity, where the token issuer and token verifier cannot collude to identify the token holder.
Blind signatures have their use cases, but they're not a good fit for PASETO. We're not aiming to provide any notion of anonymity (or even k-anonymity). I think a dedicated standard that focuses on these signatures would be more appropriate.
We've considered porting BLS-12-381 to PHP, via our secure PHPECC fork, but no one has expressed any interest in it previously.