What is a blind signature, and what is its role in e-voting?
A blind signature lets the signer (e.g. an election authority) digitally sign a document without seeing its contents. The signer attests "this signature was issued by me" without knowing what was signed.
The paper analogy: Alice puts her ballot inside a sealed envelope along with a piece of carbon paper. The election authority signs the outside of the envelope (confirming Alice is an eligible voter). The carbon paper transfers the signature through to the ballot inside. Alice removes the ballot — now signed and verifiable, but the authority never saw which option she ticked.
Mathematical version (RSA-style):
- Alice has a ballot
m. She picks a random blinding factorr. - She computes
m' = m · r^e mod n(the ballot "blinded" with the signer's public key). - She sends
m'to the signer (who can't recoverm). - Signer computes
s' = (m')^d mod nand returns it. - Alice unblinds:
s = s' / r mod n = m^d mod n.
s is a valid RSA signature on m, made by the signer, even though the signer never saw m.
E-voting application (two phases):
- Phase 1 — Registration: Alice identifies herself to the Wahlamt (election authority), gets her blinded ballot signed.
- Phase 2 — Voting: Alice unblinds and submits the now-signed ballot to the public tally board. The board verifies the authority's signature (so they know it's from an eligible voter) but has no way to link the ballot back to Alice.
Result:
- ✅ Authentication — only signed ballots count.
- ✅ Anonymity — the link Alice ↔ ballot is broken by blinding.
- ✅ Verifiability — anyone can check the authority's signatures on all counted ballots.
Inventor: David Chaum, 1982 — same person who invented digital cash (DigiCash) using the same trick.
Tip: Blind signatures are the cryptographic ingredient that makes the long-standing democratic principle "secret ballot + authenticated voter" implementable electronically. The mechanism feels paradoxical at first reading and is worth working through on paper.