Re: Blinding against Kocher's timing at
Hal <hfinney@shell.portal.com> wrote:
From: ljo@ausys.se (Johansson Lars)
Does anyone know whether David Chaum's patent on blind digital signatures extends to this application?
[Parts omitted]
It's conceivable that Kocher's blinding would be a patentable technique in itself, and not impossible that he has already applied for a patent before publishing. Probably he would have said so if that were his intention, though.
I just found this at RSA:s <http://www.rsa.com/rsaqa.htm> home page:
Q: Has RSA been "broken"?
A: No. The attack that Paul Kocher describes is academically interesting, but it is easy to defend systems against his attack using a technique called "blinding",
developed by Dr. Ron Rivest of RSA.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

When did Dr. Rivest develop this "blinding" technique? Was it pre- or post-Chaum? Perhaps Rivest himself has applied for this patent.
More info from RSA:s home page:
Another way is to use a technique called "blinding", in which a random number is introduced into the decryption process, making it impossible to get any useful data out of timing these transactions.
so instead of doing the usual RSA decryption:
m = c^d mod n
we perform:
m = r^-1*(c*r^e)^d mod n
where r is a random number and r^-1 is its inverse.
/Lars
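The blinded decryption quoted above, as an added worked example written for this archive page (not code from RSA's site or from Lars's post); the toy key p=61, q=53 is a constructed, insecure example, and the function names are my own.

```python
import secrets
from math import gcd

# Constructed toy RSA key, far too small to be secure: p=61, q=53
N = 61 * 53          # 3233
E = 17
D = 2753             # e*d = 1 mod lcm(p-1, q-1) = 780


def rsa_decrypt_plain(c: int) -> int:
    """The usual private operation: m = c^d mod n.
    Its running time depends on c, which is what Kocher's attack measures."""
    return pow(c, D, N)


def pick_blinding_factor(n: int) -> int:
    """Fresh random r in [2, n-1] with gcd(r, n) = 1, so r^-1 mod n exists.
    A new r must be drawn for every decryption; reusing r re-exposes timing."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r


def blind_input(c: int, r: int) -> int:
    """c' = c * r^e mod n: the value the private exponent is actually applied to.
    Because r is uniform and invertible, c' is unrelated to c from the
    attacker's point of view, so timing c'^d reveals nothing about c."""
    return (c * pow(r, E, N)) % N


def rsa_decrypt_blinded(c: int, r: int = None) -> int:
    """m = r^-1 * (c * r^e)^d mod n.
    Correctness: (c * r^e)^d = c^d * r^(ed) = m * r (mod n), and multiplying
    by r^-1 removes the blinding factor again."""
    if r is None:
        r = pick_blinding_factor(N)
    r_inv = pow(r, -1, N)                 # modular inverse (Python 3.8+)
    blinded_m = pow(blind_input(c, r), D, N)
    return (r_inv * blinded_m) % N


if __name__ == "__main__":
    c = pow(65, E, N)                     # encrypt m = 65 -> c = 2790
    print(rsa_decrypt_plain(c), rsa_decrypt_blinded(c))   # both 65
```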