Protocol Specification
Altug Tatlisu edited this page Dec 6, 2025 · 1 revision
Implementation of Chaum's blind signature protocol (CRYPTO '82) with RSA-3072.
| Parameter | Value | Security Level |
|---|---|---|
| RSA Modulus | 3072 bits | 128-bit |
| Public Exponent | 65537 | Standard |
| Hash Function | SHA-256 | 128-bit |
| CSPRNG | OS-provided | - |
Client generates token:

```
serial = random(256 bits)
message = SHA256(serial)
blinding_factor = random() mod n
blinded_message = message × (blinding_factor^e) mod n
```

Server signs blinded message:

```
blind_signature = blinded_message^d mod n
```

Client unblinds signature:

```
signature = blind_signature × (blinding_factor^-1) mod n
```

Server verifies token:

```
message = SHA256(serial)
recovered = signature^e mod n
valid = (message == recovered)
```
- Redis: `EXISTS serial` (O(1) check)
- PostgreSQL: `SELECT serial FROM redeemed_tokens`
- Both must return false
Atomic transaction:

```
BEGIN;
INSERT INTO redeemed_tokens (serial, ...) VALUES (...);
-- Redis: SET serial 1
COMMIT;
```

Server cannot link withdrawal to redemption:
- Blinding factor unknown to server
- Statistical independence of blinded and unblinded signatures
Cannot create valid token without server signature:
- RSA signature scheme security
- 3072-bit modulus provides 128-bit security
Guaranteed by atomic operations:
- Redis provides fast duplicate detection
- PostgreSQL ensures persistence
- Both checked before acceptance
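
The four protocol steps and the double-spend check described above, as an added Python example that is not part of the original page or the project's code. The key is a constructed toy key built from two Mersenne primes (insecure, 1128 bits, not RSA-3072), the function names are hypothetical, and an in-memory set stands in for the Redis and PostgreSQL stores.

```python
import hashlib
import secrets
from math import gcd

# Constructed demo key: two Mersenne primes, so n is only 1128 bits and trivially
# factorable. A real deployment uses a randomly generated RSA-3072 key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # server's private exponent

def h(serial: bytes) -> int:
    """message = SHA256(serial), as an integer below n."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big")

def client_blind(serial: bytes):
    """Client: pick r coprime to n, return (blinded_message, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:  # r must be invertible mod n for unblinding
            return (h(serial) * pow(r, E, N)) % N, r

def server_sign(blinded: int) -> int:
    """Server: sign without seeing the message or the serial."""
    return pow(blinded, D, N)

def client_unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def server_verify(serial: bytes, signature: int) -> bool:
    return pow(signature, E, N) == h(serial)

def redeem(serial: bytes, signature: int, redeemed: set) -> bool:
    """Verify, then reject serials already redeemed (set stands in for the stores)."""
    if not server_verify(serial, signature) or serial in redeemed:
        return False
    redeemed.add(serial)
    return True

def demo():
    serial = secrets.token_bytes(32)          # 256-bit serial
    blinded, r = client_blind(serial)
    sig = client_unblind(server_sign(blinded), r)
    redeemed = set()
    first, second = redeem(serial, sig, redeemed), redeem(serial, sig, redeemed)
    return blinded != h(serial), first, second

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The `gcd` check in `client_blind` matters because unblinding needs `blinding_factor^-1 mod n`, which exists only when the factor is coprime to n.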