A framework for universally composable non-committing blind signatures

Abstract

This paper studies non-committing type of universally composable (UC) blind signature protocols where an adversary does not necessarily commit to a message when requesting a signature. An ordinary UC blind signature functionality requires users to commit to the message to be blindly signed. It is thereby impossible to realise in the plain model. This paper first shows that even non-committing variants cannot be realised in the plain model. We then characterise UC non-committing blind signatures in the common reference string model by presenting equivalent stand-alone security notions under static corruption. The usefulness of the characterisation is demonstrated by showing that Fischlin's basic stand-alone blind signature scheme can be transformed into a UC non-committing blind signature protocol without using extra cryptographic components. We extend the results to the adaptive corruption model and present analogous notions, theorems, and constructions both in the erasure model and the non-erasure model.