Chaumian Blinding

Chaumian Blinding is a technique for carrying out a transaction, without revealing who all are present at both sides of the transaction, the time of transaction, or the contents of the transaction even to the centralized figure who approves the transaction. Chaumian Blinding was developed by an American cryptographer named David Lee Chaum. He published this technique in his paper called ‘Blind Signature for Untraceable Payments’.

Consider the case of a money transaction between two persons Adrian and Becky through a bank. In the normal case scenario, the transaction is not anonymous, the bank knows all the details of the transaction between Adrian and Becky. By using Chaumian Blinding, the transaction can be made anonymous to the bank.

There are three functions associated with the Chaumian blinding cryptosystem:

• A signing function ‘S’ which is only known to the signer of the transaction, in this case, the bank. It has a corresponding inverse function ‘S`’ which is publicly known.
• A commuting function ‘C’ and its inverse ‘C`’, both known only to the provider, in this case, Adrian.
  The commuting function ‘C’ and its Inverse ‘C`’ are created in such a way that : C`(S(C(x))) -> S(x)
• A redundancy checking predicate ‘r’.

Suppose Adrian has a certificate ‘x’ with him which contains a serial number and the amount of money to debit from his account. To transfer the money effectively, he needs the bank to sign the certificate, thus ensuring that the certificate is legit. He can then give that certificate to the merchant, in this case, Becky. Becky can use this certificate to credit the money in her account. The bank will be able to identify the entities involved in the transaction by comparing the serial number of the certificate.

To provide anonymity, Adrian must encrypt the certificate using the function C, before sending it to the bank.

C(x)  ->  Cipher text 

So, the bank receives cipher text from Adrian, which makes no sense to the bank. Adrian wants the bank to sign the cipher text. Adrian achieves this unreasonable task by imparting a blind trust with the bank. [Blind trust is explained at the end of the article].

So, the bank signs the encrypted certificate with the signing function ‘S’.

S(C(x)) 

The signed encrypted certificate is sent back to Adrian. Adrian uses the inverse function ‘C`’ on the certificate to get the ‘signed certificate without Adrian’s encryption’.

C`(S(C(x)))  ->  S(x) 

Adrian sends this signed certificate to Becky. Becky can verify the signed certificate by using the inverse signing function ‘S`’.

S`(S(x))  ->  x 

Becky sends the certificate to the bank and after verifying the authenticity of the certificate by using the inverse signing function ‘S`’, the bank credits the amount of money to Becky’s account. The bank doesn’t know the sender since they know nothing about the certificate.

What is blind trust ?
Let’s take the above said scenario. Adrian and the bank will have a blind trust in the following way:

The bank asks Adrian to send ‘n’ number of encrypted certificates which are similar to that he wanted to send. [Assume that n is 1000]. The amount of money is same for all the certificates, only the serial number changes. Adrian creates 1000 certificates [which includes the already created one], and sends all of them to the bank. The bank, then selects any one of the certificates randomly, and asks Adrian for the key to decrypt each certificate, except for the one which it had selected.

Adrian sends the 999 keys to the bank. It checks each of the 999 certificates to ensure that all of them contain the same amount of money. If all of them contain the same amount of money, then the bank blindly trusts that the remaining one certificate also contains the same amount of money and signs that encrypted certificate even without knowing the serial number of that certificate.