Question about Blind Signature

Hi! I have some stupid question about how to implement blind signature. I Know it works as follows: If A wants B to sign X but donot know it is X, A can send X*PK(random) : PK is public key of B Then B signs on message: SK(X*PK(random)) ==> SK(X)*random Then A can obtain SK(X) by SK(X)*random/random My question is when I see how RSA encrypts using PKCS The PKCS block is like this 00 01 FF FF FF FF ... 00 input Then SK(00 01 FF FF FF .. 00 input) . If the input = X*PK(random) then SK(00 01 FF FF FF .. 00 X*PK(random)) will not produce SK(X)*random How to solve this?? Thanks!!

My question is when I see how RSA encrypts using PKCS [desc. deleted] How to solve this??
You don't. Blind signatures only work with "pure" RSA. You cannot use PKCS encoding to perform blind signatures. PKCS nullifies the multiplicity that is required for these blinding techniques to work. -derek
participants (2)
-
Chein-hsinLiu
-
Derek Atkins