A new blind signature protocol based on Schnorr signatures is presented that can be used in payment systems. Apart from its simplicity and efficiency, an important feature of the protocol is that it can be argued to imply a withdrawal protocol that is resistant to parallel attacks by a collusion of users. An essential property of the blind signature protocol is that the signer has complete knowledge of the receiver's secret key. Consequently, there's no protection whatsoever against framing by the bank in the proposed payment system. We therefore show how cryptographic protection against framing can be added again at the cost of introducing another trusted party, which is active during registration of the users only. A similar blind signature protocol can be based on Okamoto's variation of Schnorr's identification scheme, which is provably witness hiding.

Department of Computer Science [CS]

Schoenmakers, B. (1995). An efficient electronic payment system withstanding parallel attacks. Department of Computer Science [CS]. CWI.