adding blind-signing to GnuPG

Jake jake at spaz.org
Sat Aug 31 13:45:12 CEST 2013 

I am working on a certified polling system, where a Central Registrar
enables participation in the polling by signing the keys of eligible
persons who have shown their credentials (such as a Photo ID)

Because this system is for expression of political opinions in the context
of Democracy, participants need to be guaranteed anonymity.  They will
generate a key-pair with a fake name, exclusively for use in this system.

However, to guarantee anonymity even from the Central Registrar, it is 
necessary to use rsa blinding to obscure users' keys from the registrar 
during signing.  Fortunately the cryptography to do this is already 
established, and is already in libgcrypt as rsa_blind() and rsa_unblind(), 
but those functions are not available to a regular user of gnupg.

I want to add two functions to gnupg; blind and unblind.  blind will take
data, supplied by the user, and pass it to rsa_blind() along with a random
number, and the public key of the target of the blind signing.

the output of this operation will be a blinded version of the data, and a
seperate file containing the modular multiplicative inverse of the random
number used for the blinding.  That seperate file will be automatically
named according to the current date and time, and the filename of the
unblinded data.

after having the blinded data signed by the target (whose job is to sign 
indecipherable blobs of data, and whose key is used only for that), the 
user feeds that signed blinded data into unblind, along with the public 
key of the target and the file containing the modular multiplicative 
inverse... and the result is the signed data that the user wants.

I would like to add these operations to gpg2 as --blind and --unblind, and 
to submit the implementation I create for review by the maintainers of 
gnupg.  That approval (if i can earn it) will be very valuable to give 
legitimacy to the system I am creating, since GnuPG has a great reputation 
and great auditing.

Please let me know what you think of this idea, and any advice you have
for me about it.  I know that there is a lot of work to do on GnuPG right
now and that this is somewhat of a tangent from the common use of gpg, but
I feel that it is very important and i'm prepared to do whatever work is
necessary to make it happen.

Thank you all for your time,
-jake

On Thu, 29 Aug 2013, Werner Koch wrote:

> (...)
> Before you put too much work into writing a patch, you may want to
> describe the problem and discuss it with us.
> 
> 
> Shalom-Salam,
>
>   Werner
> 
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>

More information about the Gnupg-devel mailing list