TIL there's a draft RFC for an oblivious-PRF based blind signing scheme (so distinct both from the old RSA type and from the Chaumian or Brands type using Schnorr).


Some background on what this is and why it's interesting; first, see: "privacypass":


... a browser extension you can use to bypass captchas by using blinded tokens. I'm not sure of the current real-world status, especially w.r.t. using Tor browser, which is where it'd be *really* useful!


Now, this scheme ("OPRF") is really nice from my angle, because the protocol is surprisingly simple (it's similar to, say, Schnorr blind sigs, but if anything more intuitive). They summarize it very nicely here:


I was reminded of it today because I was thinking about the use of the "DLEQ" primitive (discrete log equivalence proof), which is used in Joinmarket for "one time tokens" but is currently under discussion on the LN dev mailing list:



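To make "surprisingly simple" concrete, here is the whole OPRF issuance round plus redemption, with the DLEQ proof the client uses to check that the server evaluated with its one published key rather than a per-client key. This is an added example, not code from the draft or from Privacy Pass; the group (a toy safe prime p = 1019) and the function names are my own constructions.

```python
import hashlib
import secrets

# Constructed toy group: safe prime p = 2q + 1, g = 4 generates the subgroup
# of squares, which has prime order q. Far too small for real use.
p, q, g = 1019, 509, 4

def hash_to_group(data: bytes) -> int:
    """Hash bytes into the order-q subgroup: reduce into [1, p-1], then square."""
    h = 1 + int.from_bytes(hashlib.sha256(data).digest(), "big") % (p - 1)
    return pow(h, 2, p)

def challenge(*elems: int) -> int:
    """Fiat-Shamir challenge binding the whole DLEQ transcript, in Z_q."""
    buf = b"".join(e.to_bytes(2, "big") for e in elems)
    return int.from_bytes(hashlib.sha256(buf).digest(), "big") % q

def dleq_prove(k: int, Y: int, M: int, Z: int) -> tuple:
    """Chaum-Pedersen proof that log_g(Y) == log_M(Z), without revealing k."""
    w = secrets.randbelow(q - 1) + 1
    c = challenge(g, Y, M, Z, pow(g, w, p), pow(M, w, p))
    return c, (w - c * k) % q

def dleq_verify(Y: int, M: int, Z: int, proof: tuple) -> bool:
    c, s = proof
    A = pow(g, s, p) * pow(Y, c, p) % p   # equals g^w only if Y really is g^k
    B = pow(M, s, p) * pow(Z, c, p) % p   # equals M^w only if Z really is M^k
    return challenge(g, Y, M, Z, A, B) == c

def server_issue(k: int, M: int) -> tuple:
    """Server evaluates the OPRF on the blinded point and proves it used key k."""
    Z = pow(M, k, p)
    return Z, dleq_prove(k, pow(g, k, p), M, Z)

def client_issue(server, Y: int) -> tuple:
    """Client blinds a fresh token, checks the proof against the published Y,
    and unblinds to the token (t, H(t)^k)."""
    t = secrets.token_bytes(16)
    r = secrets.randbelow(q - 1) + 1
    M = pow(hash_to_group(t), r, p)       # blinded: the server never sees H(t)
    Z, proof = server(M)
    if not dleq_verify(Y, M, Z, proof):
        raise ValueError("proof does not match Y: server may be keying per user")
    return t, pow(Z, pow(r, -1, q), p)    # (H(t)^r)^k raised to 1/r = H(t)^k

def server_redeem(k: int, t: bytes, N: int) -> bool:
    """Redemption: the server recomputes H(t)^k; t was never seen at issuance,
    so the two rounds cannot be linked."""
    return pow(hash_to_group(t), k, p) == N
```

Real Privacy Pass uses an elliptic-curve group and derives a MAC key from the unblinded point instead of sending it, but the blind, evaluate, prove, unblind shape is the same.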
The difference between the Joinmarket and Lightning use cases (both are about arranging to create transactions cooperatively, 'coinjoin' in some sense or other, between untrusted entities) and the privacypass use case is that the latter is client-server, which is the classic scenario for blind signing.

That second scenario applies to both Wasabi and Tumblebit.


