On Fri, Nov 29, 2013 at 7:27 PM, Nick Mathewson <nickm@torproject.org> wrote:
> Appendix A. Signature scheme with key blinding [KEYBLIND]
> ...
> See [KEYBLIND-REFS] for an extensive discussion on this scheme and
> possible alternatives. I've transcribed this from a description by
> Tanja Lange at the end of the thread. [TODO: We'll want a proof for
> this.]

A security proof for this scheme is available at: https://www-users.cs.umn.edu/~hopper/basic-proof.pdf (LaTeX sources at https://www-users.cs.umn.edu/~hopper/hs-identity-proof.git)
It would be fantastic to get comments/discussion from the tor-dev community ahead of publishing this as a Tor Project tech report.