Blind signatures have proved an essential building block for applications that protect privacy while ensuring unforgeability, such as electronic cash and electronic voting. One of the oldest and most efficient blind signature schemes is the one due to Schnorr, which is based on his famous identification scheme. Although it was proposed over twenty years ago, its unforgeability remains an open problem, even in the random-oracle model. In this paper, the authors show that current techniques for proving security in the random-oracle model do not work for the Schnorr blind signature. Their results generalize to other important blind signatures, such as the one due to Brands.