Chaumian Blinding (Blinded Signatures) and Its Use Case in Bitcoin’s Ecosystem

Dyvvoo
Apr 25, 2024

Bitcoin is touted as one of the most censorship-resistant digital currencies in existence today. It achieves this through its decentralized peer-to-peer network, which operates without the need for central verification or regulation. However, the network itself has certain limitations in privacy, scalability and user experience. Many protocols and services have been built on top of Bitcoin to help solve these limitations. However, these services hardly ever retain the same level of decentralization as the base network and can be seen as a possible focal point for sabotage by corrupt individuals, malicious attackers or even government censorship. As possible solutions to this problem were being explored, certain individuals turned to Chaumian blinding as a privacy solution for second-layer applications or protocols built on top of Bitcoin.

What is Chaumian Blinding?

Chaumian blinding is a technique that improves privacy in an automated system. It allows activities, or in the context of Bitcoin, transactions, to be carried out without any party knowing who is involved in the transaction or its details. It does this by utilizing blinded signatures, a type of digital signature in which the content of a message is disguised (blinded) before it is signed.

How does it work?

We will attempt to explain Chaumian blinding using a commonly used analogy that simulates an anonymous electronic voting system. We will be using two diagrams to explain the voting process:

Sending Vote to Trustee

Sending a vote to trustee

The voting process goes as follows:

  1. The elector votes on a piece of paper.
  2. That vote is placed in a carbon paper envelope. This means that the trustee can sign both the envelope and the vote from outside without opening or viewing the vote.
  3. The elector wraps the vote envelope inside another envelope containing his own address.

Trustee verifying (signing vote)

Receiving and signing vote

4. The trustee receives the vote in a letter and opens the outer envelope to take out the carbon paper envelope.

5. He signs the envelope containing the vote, thus verifying (signing) the vote simultaneously.

6. He wraps the signed envelope inside another envelope and sends it back to the address that was on the outer envelope (the elector’s address).

Casting Vote

7. The vote has been signed. The elector can then take the received vote out of the letter and send it to the trustee, without his address on it this time.

8. The trustee receives the signed vote and, looking at the signature, he can confirm the vote is a valid one, but he won’t be able to tell who sent it.

Tying the Pieces together

The analogy above explains in simple terms how Chaumian blinding works. Let us now explain how the technique achieves this in technical terms. There are three functions associated with the Chaumian blinding cryptosystem that make this anonymous electronic voting system possible:

  • A signing function ‘S’ which is known only to the signer of the transaction, in this case, the bank. It has a corresponding inverse function ‘S`’ which is publicly known. The signing function can be seen as the ‘signature’ of the trustee. Only the signer can produce it.
  • A commuting function ‘C’ and its inverse ‘C`’, both known only to the provider, in this case, Adrian. The commuting function ‘C’ and its inverse ‘C`’ are created in such a way that: C`(S(C(x))) -> S(x). This can b
  • A redundancy-checking predicate ‘r’, which checks that no one has tampered with your blinded signature.
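The three functions above, as an added example that is not part of the original post. It assumes textbook RSA as the concrete signature scheme (the post does not name one); the toy key, the SHA-256 redundancy and the sample vote are constructed for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy key from two Mersenne primes: illustration only, not secure.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                  # public: lets anyone compute S`
D = pow(E, -1, (P - 1) * (Q - 1))    # private: known only to the signer

def encode(vote: bytes) -> int:
    """Append 8 bytes of SHA-256 as the redundancy that r() later checks."""
    x = int.from_bytes(vote + hashlib.sha256(vote).digest()[:8], "big")
    if x >= N:
        raise ValueError("vote too long for this toy modulus")
    return x

def r(x: int) -> bool:
    """Redundancy-checking predicate: true only for well-formed messages."""
    raw = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return len(raw) > 8 and hashlib.sha256(raw[:-8]).digest()[:8] == raw[-8:]

def new_blinding_factor() -> int:    # random k invertible mod N, elector's secret
    while True:
        k = secrets.randbelow(N - 2) + 2
        if math.gcd(k, N) == 1:
            return k

def C(x: int, k: int) -> int:        # blind: seal the vote in the envelope
    return x * pow(k, E, N) % N

def S(y: int) -> int:                # sign: the trustee never sees x
    return pow(y, D, N)

def C_inv(s: int, k: int) -> int:    # unblind: C`(S(C(x))) == S(x)
    return s * pow(k, -1, N) % N

def S_inv(sig: int) -> int:          # public inverse of S, used to verify
    return pow(sig, E, N)

def demo():
    x = encode(b"candidate-A")       # constructed sample vote
    k = new_blinding_factor()
    blinded = C(x, k)                # what the trustee receives
    sig = C_inv(S(blinded), k)       # what the elector later casts
    return x, blinded, sig

if __name__ == "__main__":
    x, blinded, sig = demo()
    print("valid:", S_inv(sig) == x and r(S_inv(sig)), "| blinded != x:", blinded != x)
```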

Real-world applications of Blinded Signatures in the Bitcoin ecosystem

  1. Chaumian blinding can be utilized to achieve privacy in CoinJoin services. CoinJoin is a technique that combines transaction outputs owned by different users into a single transaction in order to obscure the transaction trail and improve on-chain privacy. An example of this can be found in ZeroLink, a framework used by prominent CoinJoin services such as Wasabi and Samourai.
  2. Federated mint protocols such as Fedimint, which serve as an alternative to centralized exchanges where funds are held for users by a single body, make use of blinded signatures to achieve privacy and anonymity.
  3. As explained above, custodial wallets are wallet services that hold funds on behalf of their users. These wallet services usually identify all users that make use of their services and are subject to the regulations of the government body where they are operated.
