Crate blind_rsa_signatures


Author-blinded RSASSA-PSS RSAE signatures.

This is an implementation of the RSA Blind Signatures proposal, based on the Zig implementation.

use blind_rsa_signatures::{KeyPair, DefaultRng, Options};

let options = Options::default();

// [SERVER]: Generate an RSA-2048 key pair
let kp = KeyPair::generate(&mut DefaultRng, 2048)?;
let (pk, sk) = (kp.pk, kp.sk);

// [CLIENT]: create a random message and blind it for the server whose public key is `pk`.
// The client must store the message and the secret.
let msg = b"test";
let blinding_result = pk.blind(&mut DefaultRng, msg, true, &options)?;

// [SERVER]: compute a signature for a blind message, to be sent to the client.
// The client secret should not be sent to the server.
let blind_sig = sk.blind_sign(&mut DefaultRng, &blinding_result.blind_msg, &options)?;

// [CLIENT]: later, when the client wants to redeem a signed blind message,
// using the blinding secret, it can locally compute the signature of the
// original message.
// The client then owns a new valid (message, signature) pair, and the
// server cannot link it to a previous (blinded message, blind signature) pair.
// Note that the finalization function also verifies that the new signature
// is correct for the server public key.
let sig = pk.finalize(
    &blind_sig,
    &blinding_result.secret,
    blinding_result.msg_randomizer,
    &msg,
    &options,
)?;

// [SERVER]: a non-blind signature can be verified using the server's public key.
sig.verify(&pk, blinding_result.msg_randomizer, msg, &options)?;
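
The arithmetic behind the blind, blind-sign and finalize steps above, as an added toy example that is not the crate's code: textbook RSA with a tiny constructed key, no PSS encoding and no message randomizer, for illustration only. The function names mirror the page's method names but are hypothetical stand-ins, and the blinding factor is passed in explicitly instead of being drawn from an RNG.

```rust
// Toy textbook RSA (constructed key, N = 61 * 53); never use sizes or raw RSA like this.
const N: u64 = 3233; // modulus
const E: u64 = 17; // public exponent
const D: u64 = 2753; // private exponent, E * D = 1 mod lcm(60, 52)

fn mod_pow(mut b: u64, mut e: u64, m: u64) -> u64 {
    let mut acc = 1;
    b %= m;
    while e > 0 {
        if e & 1 == 1 { acc = acc * b % m; }
        b = b * b % m;
        e >>= 1;
    }
    acc
}

// Modular inverse via extended Euclid; None when gcd(a, m) != 1.
fn mod_inv(a: u64, m: u64) -> Option<u64> {
    let (mut r0, mut r1) = (m as i64, (a % m) as i64);
    let (mut t0, mut t1) = (0i64, 1i64);
    while r1 != 0 {
        let q = r0 / r1;
        (r0, r1) = (r1, r0 - q * r1);
        (t0, t1) = (t1, t0 - q * t1);
    }
    if r0 != 1 { return None; }
    Some(t0.rem_euclid(m as i64) as u64)
}

// [CLIENT] blind: m * r^E mod N. Returns (blinded message, secret r^-1 kept by the client).
fn blind(m: u64, r: u64) -> Option<(u64, u64)> {
    let inv = mod_inv(r, N)?; // r must be invertible mod N
    Some((m * mod_pow(r, E, N) % N, inv))
}

// [SERVER] blind_sign: private-key operation on a value that hides m.
fn blind_sign(blind_msg: u64) -> u64 { mod_pow(blind_msg, D, N) }

// [CLIENT] finalize: strip r, then verify with the public key before accepting.
fn finalize(blind_sig: u64, secret_inv: u64, m: u64) -> Option<u64> {
    let sig = blind_sig * secret_inv % N;
    if mod_pow(sig, E, N) == m { Some(sig) } else { None }
}

fn main() {
    let (b, s) = blind(65, 7).unwrap(); // 65 and 7: constructed message and blinding factor
    println!("blinded={b} sig={:?}", finalize(blind_sign(b), s, 65));
}
```

Two different blinding factors give the server two unrelated blinded values, yet both finalize to the same signature `m^D mod N`, which is why the server cannot link the redeemed pair to a signing request.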

Modules§

reexports

Structs§

BlindSignature
A blind signature
BlindedMessage
A blinded message
BlindingResult
Result of a blinding operation
DefaultRng
Default random number generator
KeyPair
An RSA key pair
MessageRandomizer
A message randomizer (noise added as a prefix to the message)
Options
Options
PublicKey
An RSA public key
Secret
A blinding secret factor
SecretKey
An RSA secret key
Signature
A (non-blind) signature

Enums§

Error
Hash
Hash function for padding and message hashing