Talk:Blind signature

I think the final equation in this article is not quite right:

s \equiv s' * r^{-1}\ (\mathrm{mod}\ N)

It should be something other than {-1} IMO.


 * The equation is correct. See the additional explanation. 83.79.54.219 19:48, 27 November 2006 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 1 one external link on Blind signature. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20110718231432/http://www.dominique-schroeder.de/data/publications/conference/security-blind-signature-abort.pdf to http://www.dominique-schroeder.de/data/publications/conference/security-blind-signature-abort.pdf
 * Added tag to http://www.maniora.pl/?p=101&lang=en

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.— InternetArchiveBot  (Report bug) 05:32, 4 November 2016 (UTC)

it's a joke?
If an attacker asks someone to sign a meaningless, random message, he can obtain the signature of a message of his choice?

It means, the RSA cryptosystem can only be used to sign a hash value.

--84.118.82.226 (talk) 14:55, 18 February 2018 (UTC)


 * That is the case one way or another. Textbook-RSA is widely known to be insecure, both the decryption and the signature-version. Any cryptographer worth their money will tell you the same, but the myth is so widespread that most don't choose to fight windmills. (Secure versions of RSA exist, but the good one, notably RSA-OAEP and RSA-PSS require even more than just padding with randomness/hashing the message.) --Florian Weber (talk) 16:59, 26 February 2018 (UTC)

Deepak.maram (talk) 23:43, 6 May 2020 (UTC)

It is incorrect that hashing allows you to achieve one message, signature pair per a blind sign issuance. The user still has the two pairs discussed in the text. I do not see that claim being made in the cited paper either. Instead, the paper (https://eprint.iacr.org/2001/002.pdf) uses a more subtle argument to argue security, wherein the adversary needs to invert a chosen target.