From: jim bell <jimbell@pacifier.com>
To: Hal <hfinney@shell.portal.com>
Message Hash: 3d300d71ff0c99d0b49760b19afd60a48760fa11cca25472d68683510b4b5947
Message ID: <m0tPynk-0008yYC@pacifier.com>
Reply To: N/A
UTC Datetime: 1995-12-14 00:16:31 UTC
Raw Date: Thu, 14 Dec 1995 08:16:31 +0800
Subject: Re: Blinding against Kocher's timing attacks

At 01:27 PM 12/12/95 -0800, you wrote:
>From: ljo@ausys.se (Johansson Lars)
>> Does anyone know whether David Chaum's patent on
>> blind digital signatures extends to this application?
>
>I don't think it would. Chaum's blinding protocol has one major
>difference: the blinding factor is applied by a different person than
>the one doing the signing. The purpose of the blinding is different,
>too; in Chaum's case the idea is to end up with a signature which is
>unknown to the signer, while with Kocher's "defensive blinding" the
>signature (or decryption) is an ordinary RSA one, and the blinding is
>just done internally by the signer to randomize the timing.

One thing I haven't heard mentioned would be the possibility of using TWO
blinding factors, by two different people, to blind the unsigned cash. As
you may know, I'm interested in payee-anonymous systems as well as
payer-anonymous ones, and such a feature might assist in this.
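
Added illustration, not part of the original message or of any participant's code: textbook RSA showing the distinction drawn in the quoted text (blinding done internally by the signer versus blinding applied by someone else), plus one reading of the two-factor idea in which two parties each multiply in their own r^E. The key, the sample message and all function names are constructed for this example, and the scheme omits padding, so it is a toy.

```python
# Added illustration: textbook RSA, toy constructed key, no padding (not secure).
import math
import secrets

P, Q = 2**31 - 1, 2**61 - 1      # constructed toy primes (both Mersenne primes)
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def random_unit():
    """Random blinding factor that is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def raw_sign(x):
    """Private-key exponentiation: the operation a timing attack measures."""
    return pow(x, D, N)

def blind(m, r):
    """Multiply in r^E so the value being exponentiated is unpredictable."""
    return (m * pow(r, E, N)) % N

def unblind(s, r):
    """Divide out r, since (m * r^E)^D = m^D * r (mod N)."""
    return (s * pow(r, -1, N)) % N

def sign_defensive(m):
    """Signer blinds and unblinds internally; the caller gets an ordinary signature."""
    r = random_unit()
    return unblind(raw_sign(blind(m, r)), r)

def verify(m, s):
    return pow(s, E, N) == m % N

def two_party_blind_sign(m):
    """Two different parties each apply their own factor before the signer signs."""
    r1, r2 = random_unit(), random_unit()
    seen_by_signer = blind(blind(m, r1), r2)
    s_blinded = raw_sign(seen_by_signer)
    half = unblind(s_blinded, r2)          # still blinded by r1
    return seen_by_signer, half, unblind(half, r1)

if __name__ == "__main__":
    m = 123456789                          # constructed sample message
    seen, half, sig = two_party_blind_sign(m)
    print(sign_defensive(m) == raw_sign(m), seen != m, verify(m, half), verify(m, sig))
```

The signature verifies only after both factors have been removed, and the value the signer exponentiates differs from the message in both schemes.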