This paper describes two attacks against blind decryption (decode) based on the commutative random-self reducibility and RSA systems utilizing the transformability of digital signatures proposed in [2]. The transformable digital signature was introduced in [2,8] for defeating an oracle attack, where the decrypter could be abused as an oracle to release useful information for an attacker acting as a requester of blind decryption. It was believed in [2,8] that the correctness of a query to an oracle was ensured by the transformable signature derived from an original signature issued by the decrypter in advance, and that a malicious query to an oracle could be detected before the blind decryption by the decrypter or would lead to the release of no useful information to an attacker.