Have You Been Naughty or Nice: A Privacy-Preserving and Trusted Message To Santa: Partially Blinded…

I wrote about blinded signatures here:

Have You Been Naughty or Nice: A Privacy-Preserving and Trusted Message To Santa: Partially Blinded Signatures?

I wrote about blinded signatures here:

Do You Remember Carbon Copies? Here’s Blind Signatures.
Do you remember the days of carbon copies? Well, they were often used as a receipt, and where there was blue carbon…medium.com

and where Trent could sign Bob’s message, but where Trent could not see the message he was signing. But what’s to stop Bob from getting Trent to sign something that he doesn’t want to sign? For this, we can use a partially blind signing method, where Trent gets to see the metadata of the message but not the message:

Now, let’s say that Santa has an Elf who digitally signs the messages to Santa. But, we don’t want the Elf to read the letter, but for the Elf to sign that it has been processed by the Elf. But, Santa receives lots of letters, and not just Naughty or Nice ones. So, Bob sends the Elf this Naughty or Nice letter, but adds some metadata to identify that it is a Naughty or Nice letter. The Elf can then read the metadata and know it’s for Santa’s present list, but can see if Bob has been naughty or nice.

So, it could be:

Bob message: “Bob has been nice this year”

Bob’s meta data: “Bob’s naughty or nice letter to Santa”

The Elf signs off the blinded message with his private key, and Santa reads it, and delivers Bob a present on that special day.

Blinded signature

Now, let’s see if we can use a carbon copy to allow Bob to cast a trusted vote in an election. First, Bob makes his vote on a piece of paper and then puts it into a special envelope. He gives this envelope to Peggy, and who seals it. But, there is a special place for Peggy to sign on the envelope, which has a carbon copy strip. When she signs the outside of the envelope, her signature is copied to the vote inside the envelope. So, when Victor opens up the envelope, he examines Bob’s vote and can see if it has been signed by Peggy, and so he trusts the vote. Overall, Peggy never gets to see Bob’s vote but can sign for it.

In a digital form, Peggy (the “prover”) creates a key pair: a public key and a private key. She will sign with her private key and then prove her signature with her public key.

With a blinded signature, Bob creates a blinded version of his message for Peggy to sign with her private key. She thus cannot see what the message is that she is signing. Then, Bob will unblind the message and send the signature to Victor (the “verifier”), and who will verify it with Peggy’s public key.

Blind Signatures

A blind signature allows Bob to hide the content of a message before it is signed by a trusted entity (the signer). This is typically used when the creator of a message is different from the entity which signs it. For example, Bob may blind the message (such as his vote), and then for Trent to sign it as being valid, but where Trent will not know the contents of the message (or his vote).

In traditional RSA, we sign with:

and where N is the modulus, and d is the decryption exponent. In a blinded version, we generate a random value of r and which is relatively prime to N (gcd(r,N)=1)). We then compute:

The value of m′ is then sent to the signing authority (Trent). The signing authority then computes the blinded signature as:

This is then sent back to the creator of the message, and who can then sign with:

This will remove the blinding factor, and now be signed by the signing authority, but will not reveal the message to them. Overall this will work because:

Thus we have a signature which is signed by Trent’s decryption key (d), and with the message of Bob (m).

The coding of a blinded signature is here:

https://asecuritysite.com/circl/circl_blind

Coding for a Partially Blinded Signature

We can use the CIRCL library from Cloudflare to implement [here]:

In the code (to save processing time) we have integrated static RSA keys, and then load up the verfier ad the signer with the blinded message and etadata::

key := loadStrongRSAKey(size)
	verifier := partiallyblindrsa.NewVerifier(&key.PublicKey, crypto.SHA512)
	signer, _ := partiallyblindrsa.NewSigner(key, crypto.SHA512)
	blindedMsg, _, _ := verifier.Blind(rand.Reader, message, metadata)
	blindedSig, _ := signer.BlindSign(blindedMsg, metadata)

We can use the CIRCL library from Cloudflare to implement:

package main
import (
 "crypto"
 "crypto/rand"
 "crypto/rsa"
 "crypto/x509"
 "encoding/hex"
 "encoding/pem"
 "fmt"
 "math/big"
 "os"
 "strconv"
 "github.com/cloudflare/circl/blindsign/blindrsa/partiallyblindrsa"
)
func ExportPublicKeyAsPemStr(pubkey *rsa.PublicKey) string {
 pubkey_pem := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(pubkey)}))
 return pubkey_pem
}
func ExportPrivateKeyAsPemStr(privatekey *rsa.PrivateKey) string {
 privatekey_pem := string(pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privatekey)}))
 return privatekey_pem
}
func loadStrongRSAKey(size int) *rsa.PrivateKey {
 pEnc := "c93518f3695c19c3d742b43e12da4eb86d49d92cadaf3cbf42f2498a4cb0605f3c48c2779c0232869cf2e66bcb498818c9aaaa7c6527394808f2f24c0318d304e235faf1ad9c82e03a62d0999118dc9344adbb05abb8208e60faafdbac7f76a7cae7b8c576cdb960806fa59b4026bfcb96c1e8356c042e4c2e228b1560a8caaf"
 qEnc := "a8de748c1efe578b4459e07d94688efef70330670291821f0273f035e9d8ce86094c1b2a16aeb36be391a24bf5f850c8f3a3d3fd406acb6a41aa622d66fe1f4550193c3a50081e9c44b61ae12e14f2f1a466299f77c74a1e6b61b3c2404087d4533b37309cca11e92d772ad6009e61821aef33e92d3578df50592e95073e79d7"
 NEnc := "84b9b00590ede00c00069eab7faa638ce63928ed06b7c3c24a3bfee4425bab0323c35bcc4a7a291dd3ff1496b01a2c1b69074dc617fddf1dcd4943b417e398567f2cdc5476c1a57bfa98f6f80ed4712e4d12b45c8af8bfe555ec7c1f159bc7414921ab6fca9483696b98f5171dbffe6750de38ef0364da698c16a36267a94935ec4aa3a06517ec47973c572c9b0d0baa4c8fb35f1de19c19abd5343e17cdc6bc89a794c592c82ea10964252d044e94ef9a6a0adb57a1f4005ff8fbee09febf1de809c41aab88594e8ebb1ded26686286967816ab953a3399a427278fc80a545290eaa777756a87eb35141deb4634db4f043d3515201cbd3a151259ead4f0eff9"
 eEnc := "010001"
 dEnc := "2e67c6158c20bf8f328b1dfb147dfca48cf23b4ef46457fb9c7cf197d963b79d3769dcb4c6ed8366bc72993e3e80481fa54f3a70227f4efd5a835d3aa087a101cd21603fdfedc0f062240d6599b9c980c8cddb65e7e9251f0835d10805441c1cc577123bd9f6a723bacd1614690071f0a9a3a900588d70982ab4d797566b27ff4323f386b5e742119317bea2437ad329f4ef29f2c877d0222ea46acc8c70b12e40ccd25fa6c03d5758dfe61251c9280f28d9b2f18d9268b7425c7366216aa880f52f2e8b5d1d1b6e44ad0f3a54c17418c8091a3c8a9326213929d9ecbc217775ad580adf1fd6d0c1214443ac802e1a38d025cfac9268df93662f7004569b64e9"
 if size == 512 { // Note used ... too small
  pEnc = "dde950a7c628880b3c4795b7e9045ecb238db761c138ca277786ee5373ca7d73ac6f5c66ba6089e3e74d35bda7479e4c56e37fd7333a21183360a2465ac0f60f"
  qEnc = "9eaf5f8eece5c56825815659237ab60054c16d74493184cec6f24fbf164c120a3e3e18a4e2b761af9bbdce530a2ac890fc4bb847b76f207f95dc7e27606a8f7f"
  NEnc = "898e051b28b0bc7386f85a5623b97df3500dd3284ed0ed2793496efa0799164dbed2d5c0c485e4727c3fc57f197bab462e16a16815ad4574e181a7c20dc6cba22170f7ce6d3b5634d41f3d95c04c3dc0e3c647a75d3b8e62108e9501359d53800395f53583c1d1a4f8c7d82d134abf03b1cd994a02790a7007249c0d51627271"
  eEnc = "010001"
  dEnc = "696b303a9a3aa8929953e857afd54ed393fca46175d5e48ab9f4435ad74bd9ae079aa93aace2382c0d510a58d7fcd14c5db1f64d409fa4656915e6ad6fc574f54ea07a6dabbf2bc0a591c5b3bfe0718d74a8bf4451061066df807f3936b777ac6bce73baa90e7845d547bbff6c75534944a678ad7ff83c628d3ec49d8f8fd489"
 }
 if size == 1538 {
  pEnc = "fd535ecd8b03af558b56d9fc9858e77f0f5b7345af095a85c00879002d77410d7a0cfdf18114a7ed0ce4a87673ab212054193e7c2b763d586a65a9310de4f10209bf278b5dbfe2d1cfd71241d853f1b3b83834f465c9a0b71726d4713c660246dda7e977576a1b3bb33d86a4a31391aa1e81c7a90ca1bf5b01a6d1e3c4c1064f5fe4e6271140d002190b1990d22dc28f76f3cca7d4f08e26f6a2498b9dafe7de3ba95569903e55f6d7d7b41848c891427e2bcf7b3f7e4071565b9168a6b50db3"
  qEnc = "e3ab548392c0de2cb00187fc893385d0c8e0b2450d70d352aacf2160aef8018299ffc458f0980d4d96d7afaab7b4f30a3a1b7313c9a48d8011c4682a22ab35d6eb7acb5cb048016ed7fa9ce243dc808de7a5e65abe3d20ebf9db887cc2b460318b99b69d2c70f50a9c9d73ec07bc00454f0fe04d815643c09006dd35b9b94f5d49133debfaecff43f8db3cfe0a11378bb4c368a525020f6d90aec36ca882b284e778ed781f166bf1c401f758fb2e9f1a2cf26af32931e1a70752080ba64abb67"
  NEnc = "e14a7762238d7b2d29429c824f4bc5db5391e6b1e679381a9aa990246539189a3380be9ffd5b238d8f73c4f07d87a1fa91b1dd3404b766ae0da76cbc82bd2a5901eb390bd36123e3a301a8fafcb0f2c8a6aaceba85cbfc4bac26f5f274503b2f89476ea77516be96a9570997935a92fa483275c8e2b97aa3c8ea640490b1a13fff8f1ed71d1ba03b035300968d4563499d7e896595c1622a376bbdeb30bd5b6b38fff0b49923f2b4ca106609279f65318067346ec00e68836f37bda3f983807fe1c2299c98d30a3f283f9a67fcbba8e61f1187e5cb94da16c8523bbbb98d93317d8c807a4ba4cc1ce60c8cb833ed0b91f2b8fd623d89c3ddba473ee90ae72c36948a2fcd6d43f6431d36084efea3c37e9ee785c8b3905bcd0d0fd99ae2255415c864348745ade51f525fe9372d4cac0238646bcba4cc53b8e6513c0ca7b148556163690af316177f888a73641cad017ed10efe5371cabcd79b3844eca5f82d5e25bee9fb0a77b1eea2af65dc10b5ee4d681810ac11992f48a0f3b8ca5b984405"
  eEnc = "010001"
  dEnc = "3014163a29602e234b24de05a92a8084f7e6b116d21a987085051eafc5b2539fc4d1fadc65d32759347dfe4f5c5aafa4aba70b8fe859c35deda8073a8ba416ff7bbb59273eeb021fb84fc86217bf2370d2b0ad017d40350d6925bf6308937eadfc5bf42f647b801ce2f2a22768d8f178dc2378a3704f28eeff179654ab145d572d10bc0228421705c105dba04571c3689865c2a89d36f1de1489b7b41368b5b3c22c4c901e065feb591bfaca855c2cda4d8eb8cfd1c8c1611b410805906011f1d1f3e4b0e3080a72bf13f125273d8337e4d1f0f581d9ad5c79d28bd0ba5397dd7a883a6c37d60bfc292eb8aa6ab6baada3f3dfc27696c829e8418dd132015431d0a7ecf6fe45f189f8c77b87fd5fa2bca3a8bcc248719326d695823fdb0c20d7f6cf88629d1e8331f4a9adcc77187f91f71ad7940815334700230f176d7a3e7ae7306d3d82579be237817a6dc01c3b1376dbaf18e4468915658ff88efc494bbea9a608bb0e89fc332d0e3b844341898370b0d899bc0c503636852676d5129159"
 }
 if size == 2048 {
  pEnc = "a97a899b9a5d430ab480e492e45e8066187c45429e5ad17583870a7f3d5ef7b58c471e8dd3ab2bf40fecad3dbeeb2a2679cecd382d281e54f9c1e7edc3710edd010d42e947fe2ad51f58ef2e19ea66da582e24754ad0358c1d455c7066d70eb7bc987807255439d55705f3edca88118e4ce9f2e8487966f7cdc41a13010d4acd0ca5f3d7170df3921861d16b560d3732f112adfe753cc9414ddb0eb15e0da18455f760b156f8ec56a2323b8cc66fb87a0f135f4c1b1381663f321af9844fc961f28687cfd005b5bb7fc20a2a9dc0fdeade251518198c84bd26530bf01a2d327aa1c3806bbd38a0c2232d758a77aa9ca986bf95636a997d20df0a0548c7040813"
  qEnc = "f993f537113e64eeff25deb5212fe12684b41a3236e116cf9e293122f1de5445f48dbbd2b9ff689d540a207dbc5c2a6083d567d992f5b86e9a6536d598970f971ddc07faac7d7efaefdbebc3e92106b100f0eb4ef857d4b6a5a53975f16237f363ea021f4780b84ef115bc5a70243b3d2be937f961fbbcc91e7e16c045691cb9c4eb7f4d3f6d0ec13360fa615a679c0aaa3e5e5ae6a5dfa90d2278609d085e56fd0c579ccc035b546e54c3e54893cf409637cc3bf155fe798927923120aa63d90c2baf998829847d479963dbb35d119d992c19ccf01183e3bcf7f342d76311e262e5ff2c52e99528249b47893feefba770ff75de12c6b295adab628223fed547"
  NEnc = "a53a238c17ee468f1370169a3594748db35bd1acdbecbfc6b0eb5c8d21573482313c23b541381d4c0f9a32ba8b4012210c5a7099098298b5e28c3f22744b457b0b35ec4d9559200433a748857a3eca40f7bbf9a882b115c1ba162921bb99b6ae94f474dae0508c762f59aef39a7e28e82f5986fdce01440c6daa20f12ecc149ffc9451e13a8bc98117af5a9b2bcb2f73eca4bb455c0b89843f4cb850e35e182d5560a2409fcdb5fdfae84721470bfa1b26988691ccd704a2705006f245ae09fa08da63cfb4ebb23ed9729b41680171732909e3ef7390dc08f13345ccee0adea2e0ce5417bd642057c48ddcc752ea2bf9667c6b66d277d7c79745274d16d8f00419a8165f5093f46a2fe7069058e52f6547f2fef4fafd6c7af04095ca76a45ca7a7b0afdd7008e108ea3a5f6382e21bdde2b413bd3913c2c6dd5a9bd13d6fe7f021425dc0ec9ac6fad541b18d76b4a1fb293ae7f05a540ad7c159fec1b236687ef758ce8222bfafb868252be1bd0e9d22f9b66d3889bf63ca027b895153e99d67b9c5f69b7fc916ba1f8db168f878213779dea4abae765cfac0fe03da84ebec2ec8fc7fd1c5e259048bc1773f10904999a26ea859f14f4b65e0fef528da4a5270dbcb377a5800ffdf2ff7e5cea2e09b322735aa32a1f167673d9b0dfe771620bd543acabcf8ff4c4888b29a006a88e05e0b125ae6f1a8d5b53a6c678628b00c45"
  eEnc = "010001"
  dEnc = "4db6b7cb87e1f9ec07df7bb212ab7ddabc56de9b2862059dc5cf1e1bff678dfa02805fe73c02d1bcd9c5d4406b88ba3e331a42c5a87475b16f1a3a03d1a129d002e8dcf96cda9bb57e3a1b6134ab5de40ae1ae3eb521e7b2d3fce261cc64334990241ee668055adba7cfcdfb245a5c9140dc22233486e1e3da9cdf9bb1402a1f49e4d55253803649f2c2f6a1ef8a450a886ebeea93ad9583cf661d776649f6a333fa1cb6bab33dfb74cd55cf70245101fe38556b346699f6714f22c54742e1cc69e79674b68af9ae980650c205d24ff3338544617700d68d9a2d5c92541066c1436da89df5e5a754c0cd5cdf9fbf26e9ca6b90f4aedfd16d3e58377109e305989302110704fd08af0bb20a33758769909458b03ecd0365550d9055e78616130075d2866a93ea789aeb5ad2a2aed8fd1380efe2f2d215116a463ee27de9dc302794cf22912e5f2c0fd751688b7b6e458ca5dcc2e3920e8f43851d0fbbc46acc436054351f61c44460ec64a96efda5925665f7fe56eff5738312a1ec5e75a30fdf763864f1624b284b692890b0de2a37bde410c3694d0fcdecbc9d5413dac8f4bc18cbe7c3a19606e9088dea95513a4c61bebcb753de0ebb9899f4fb94b4acbaa3c8179f315fb1e1fe304c1006f775c2cd103f2e43c3f6caa80f0882bcf5538de0faebc2e55c65c8c49251ad28e3ccaa1e044df633432b7c6ffa730d7b9b39decd"
 }
 p := new(big.Int).SetBytes(mustDecodeHex(pEnc))
 q := new(big.Int).SetBytes(mustDecodeHex(qEnc))
 N := new(big.Int).SetBytes(mustDecodeHex(NEnc))
 e := new(big.Int).SetBytes(mustDecodeHex(eEnc))
 d := new(big.Int).SetBytes(mustDecodeHex(dEnc))
 primes := make([]*big.Int, 2)
 primes[0] = p
 primes[1] = q
 key := &rsa.PrivateKey{
  PublicKey: rsa.PublicKey{
   N: N,
   E: int(e.Int64()),
  },
  D:      d,
  Primes: primes,
 }
 return key
}
func mustDecodeHex(h string) []byte {
 b, err := hex.DecodeString(h)
 if err != nil {
  panic(err)
 }
 return b
}
func main() {
 msg := "Hello"
 md := "Bob's signature"
 size := 1024
 argCount := len(os.Args[1:])
 if argCount > 1 {
  msg = os.Args[2]
 }
 if argCount > 0 {
  size, _ = strconv.Atoi(os.Args[1])
 }
 if argCount > 2 {
  md = os.Args[3]
 }
 metadata := []byte(md)
 message := []byte(msg)
 key := loadStrongRSAKey(size)
 verifier := partiallyblindrsa.NewVerifier(&key.PublicKey, crypto.SHA512)
 signer, _ := partiallyblindrsa.NewSigner(key, crypto.SHA512)
 blindedMsg, _, _ := verifier.Blind(rand.Reader, message, metadata)
 blindedSig, _ := signer.BlindSign(blindedMsg, metadata)
 fmt.Printf("Message: %s\n", msg)
 fmt.Printf("Metadata: %s\n\n", md)
 fmt.Printf("\nPartially Blinded Message: (%d bytes) %+v\n", len(blindedMsg), fmt.Sprintf("%X", blindedMsg)[:400])
 fmt.Printf("Partially Blinded Sig: (%d bytes) %+v\n", len(blindedSig), fmt.Sprintf("%X", blindedSig)[:400])
 err := verifier.Verify(message, blindedSig, []byte(metadata))
 if err != nil {
  fmt.Printf("\nPartially Signature verified")
 } else {
  fmt.Printf("\nPartially Signature failed")
 }
 fmt.Printf("\nNote: Only showing the first 400 characters of Private Key, Message and Signature")
 fmt.Printf("\nRSA bits: %d\n\n", size)
 fmt.Printf("Private key:\n%+v\n", ExportPrivateKeyAsPemStr(key)[:400])
 fmt.Printf("\nPublic key:\n%+v\n", ExportPublicKeyAsPemStr(&key.PublicKey))
}

A sample run with RSA-1024:

Message: Bob has been nice this year
Metadata: Bob's message to Santa

Partially Blinded Message: (256 bytes) 2BEF2EC87292BE6F64690A21005159EC9C10AC874EF7B8AD74437AFAF9383474DAD65EAE052C7EA81C1B5DB55CE0F2EE05230FF20186E03DAA3428C2E604961A8853F1E0DADF5ED356F6AD22D38D292AE37518C74C26FE82A03F1229C9EFE2A4A8D6F95884FECDFDD892C969A05F8F1AEC895ACAD9EE46A4BE536C2C67878FE30FF090F5F840F33063A2ABC259373B1CF426766DD2FBD1DA50D5F6685C2AC76106F52BF6F554F407E732C00C7AD05674C435FB70F95D5C3BCF8077885C7A9EA61F50271B5C0E0FBE
Partially Blinded Sig: (256 bytes) 34CA8352564778D1DCC152EC30813E4E211DFABAAFE301093D26BFB0BC8C1B653E84949C1165EF78D6EFB409F1C07116A51F28CE8D4633347201769E2210C287E6291D02B314177ABDDA897276033B5506A78706BE4A19E6B6C92CE246C6D76E3A98979E586264216EB2B13FACE2F9BD44A4F5C8607456FA3E6259F34F7CF285AE384495E93FD2A069E34DC7914A884439757EF63AD8B0C33E576323BAEB086DE9929514C783302A20BCD634450AD35CB33E4255E9E657DAE0A6A98168DF11327A1BCBD471B4D62C
Partially Signature verified
Note: Only showing the first 400 characters of Private Key, Message and Signature
RSA bits: 1024
Private key:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAhLmwBZDt4AwABp6rf6pjjOY5KO0Gt8PCSjv+5EJbqwMjw1vM
SnopHdP/FJawGiwbaQdNxhf93x3NSUO0F+OYVn8s3FR2waV7+pj2+A7UcS5NErRc
ivi/5VXsfB8Vm8dBSSGrb8qUg2lrmPUXHb/+Z1DeOO8DZNppjBajYmepSTXsSqOg
ZRfsR5c8VyybDQuqTI+zXx3hnBmr1TQ+F83GvImnlMWSyC6hCWQlLQROlO+aagrb
V6H0AF/4++4J/r8d6AnEGquIWU6Oux3tJmhihpZ4FquVOjOZpCcnj8gKVFKQ6qd3
dWqH6zUUHetGNNtPBD01FSAcvToVElnq1PDv+QIDAQA
Public key:
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAhLmwBZDt4AwABp6rf6pjjOY5KO0Gt8PCSjv+5EJbqwMjw1vMSnop
HdP/FJawGiwbaQdNxhf93x3NSUO0F+OYVn8s3FR2waV7+pj2+A7UcS5NErRcivi/
5VXsfB8Vm8dBSSGrb8qUg2lrmPUXHb/+Z1DeOO8DZNppjBajYmepSTXsSqOgZRfs
R5c8VyybDQuqTI+zXx3hnBmr1TQ+F83GvImnlMWSyC6hCWQlLQROlO+aagrbV6H0
AF/4++4J/r8d6AnEGquIWU6Oux3tJmhihpZ4FquVOjOZpCcnj8gKVFKQ6qd3dWqH
6zUUHetGNNtPBD01FSAcvToVElnq1PDv+QIDAQAB
-----END RSA PUBLIC KEY-----

A sample run with RSA-2048:

Message: Bob has been naughty this year
Metadata: Bob's message to Santa

Partially Blinded Message: (512 bytes) 63E7476BE5D2B43BA0E9BCC7B07DCC1789CE4781294E77F6F51BC35B5CEF56913BE9C6C55587B74DE6FAF985CE1C96BC88DE89418B06C26EDA46AB55FEEA04BC67BBB8CEA305B61D44DC826E1EEFF98CFE1A094ECA4E8195E8F6590745F23FBA600BDAFB3C9C743F4A765E1E7111BABCD28446B59F3003287225B9AEF461C1FA3F7A7B41D8163B55D36A0D71940FE0D9DD0EFBB20A91250CE2B65CC64D4223AE3F36A5C52BE441F7224EBEC8CCBD1F8BE408D084043D33A28308A0D1672BF515D1426104EFBB1A0A
Partially Blinded Sig: (512 bytes) 6335D204852B59953808AB21E05533C4EA4940AA3788AE07C3B939972647C37143518D1834B6ECFCD11A7B6BDB14168B639CA170B0CF6AEB4A0CB3A9EFC19B918CE6A1A664302A59F9E77108DFD601A4DACA01DF9870E96BA0207E7B50A168D5378A8E08C6A753FB47E7B2C521BB94303EF141F42BE440569E739A6903DB5C3909A0A6BDD1ECFC3E466A010333A1EAD563BBE7C3387C36560DEE3002E4D92BC78F1CAFB8DF7C87C1609F5C48EAF283B580AE53E0EC236A027E5CCD0B53837F785884C290AD8507B1
Partially Signature verified
Note: Only showing the first 400 characters of Private Key, Message and Signature
RSA bits: 2048
Private key:
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEApTojjBfuRo8TcBaaNZR0jbNb0azb7L/GsOtcjSFXNIIxPCO1
QTgdTA+aMrqLQBIhDFpwmQmCmLXijD8idEtFews17E2VWSAEM6dIhXo+ykD3u/mo
grEVwboWKSG7mbaulPR02uBQjHYvWa7zmn4o6C9Zhv3OAUQMbaog8S7MFJ/8lFHh
OovJgRevWpsryy9z7KS7RVwLiYQ/TLhQ414YLVVgokCfzbX9+uhHIUcL+hsmmIaR
zNcEonBQBvJFrgn6CNpjz7Trsj7ZcptBaAFxcykJ4+9zkNwI8TNFzO4K3qLgzlQX
vWQgV8SN3MdS6iv5ZnxrZtJ318eXRSdNFtjwBBmoFl9
Public key:
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEApTojjBfuRo8TcBaaNZR0jbNb0azb7L/GsOtcjSFXNIIxPCO1QTgd
TA+aMrqLQBIhDFpwmQmCmLXijD8idEtFews17E2VWSAEM6dIhXo+ykD3u/mogrEV
wboWKSG7mbaulPR02uBQjHYvWa7zmn4o6C9Zhv3OAUQMbaog8S7MFJ/8lFHhOovJ
gRevWpsryy9z7KS7RVwLiYQ/TLhQ414YLVVgokCfzbX9+uhHIUcL+hsmmIaRzNcE
onBQBvJFrgn6CNpjz7Trsj7ZcptBaAFxcykJ4+9zkNwI8TNFzO4K3qLgzlQXvWQg
V8SN3MdS6iv5ZnxrZtJ318eXRSdNFtjwBBmoFl9Qk/RqL+cGkFjlL2VH8v70+v1s
evBAlcp2pFynp7Cv3XAI4QjqOl9jguIb3eK0E705E8LG3Vqb0T1v5/AhQl3A7JrG
+tVBsY12tKH7KTrn8FpUCtfBWf7BsjZofvdYzoIiv6+4aCUr4b0OnSL5tm04ib9j
ygJ7iVFT6Z1nucX2m3/JFrofjbFo+HghN3nepKuudlz6wP4D2oTr7C7I/H/RxeJZ
BIvBdz8QkEmZom6oWfFPS2Xg/vUo2kpScNvLN3pYAP/fL/flzqLgmzInNaoyofFn
Zz2bDf53FiC9VDrKvPj/TEiIspoAaojgXgsSWubxqNW1OmxnhiiwDEUCAwEAAQ==
-----END RSA PUBLIC KEY-----

Conclusions

There are many applications where we need blind signatures, including where Bob trusts Trent to sign a document for him, but where Trent cannot see the contents of the document:

https://asecuritysite.com/circl/circl_pblind

and here is the draft specification [here]:

There are more CIRCL examples here:

https://asecuritysite.com/circl

Merry Christmas, when it comes along.