[Karl Barrus describes blinding]

Excellent post! Can you tolerate a few newbie questions?

Conceptually, when you blind a message, nobody else can read it.

So "blinding" is a synonym for encryption with your own public key, aka multiplication by a very-hard-to-factor number?

under the right circumstances if another party digitally signs a blinded message, the unblinded message will contain a valid digital signature.

In other words if Alice encrypts and Bob signs, Da(Db(Ea(M))) = Db(M)? Under what conditions? Does RSA (in PGP) satisfy those conditions?

If someone asks you to digitally sign a random stream of symbols, remember that what you sign may be unblinded to reveal a contract, etc.

For what applications would Bob want to sign an encrypted contract instead of a plaintext?