We propose the first constructions of anonymous tokens with decentralized issuance. Namely, we consider a dynamic set of signers/issuers; a user can obtain a token from any subset of the signers, which is publicly verifiable and unlinkable to the issuance process. To realize this new primitive we formalize the notion of blind multi-signatures (BMS), which allow a user to interact with multiple signers to obtain a (compact) signature; even if all the signers collude they are unable to link a signature to an interaction with any of them. We then present two BMS constructions, one based on BLS signatures and a second based on discrete logarithms without pairings. We prove security of both our constructions in the Algebraic Group Model. We also provide a proof-of-concept implementation and show that it has low-cost verification, which is the most critical operation in blockchain applications.
History
Primary Research Area
Algorithmic Foundations and Cryptography
Name of Conference
ACM Conference on Computer and Communications Security (CCS)
CISPA Affiliation
Yes
Page Range
1508-1522
Publisher
Association for Computing Machinery (ACM)
Open Access Type
Hybrid
BibTeX
@conference{Karantaidou:Renawi:Baldimtsi:Kamarinakis:Katz:Loss:2024,
title = "Blind Multisignatures for Anonymous Tokens with Decentralized Issuance",
author = "Karantaidou, Ioanna" AND "Renawi, Omar" AND "Baldimtsi, Foteini" AND "Kamarinakis, Nikolaos" AND "Katz, Jonathan" AND "Loss, Julian",
year = 2024,
month = 12,
pages = "1508--1522",
publisher = "Association for Computing Machinery (ACM)",
doi = "10.1145/3658644.3690364"
}