Double-Blind Threshold Signature Scheme | Cyber Immunity Whitepaper

Overview

This document specifies the Double-Blind Threshold Signature Scheme - a novel modified Schnorr blind signature adapted for threshold signing with key morphing. The construction achieves three simultaneous properties:

Signer-blindness. The threshold signers (ORKs) learn neither the message $m$ , the verification key $\mathit{gCMKAuth}$ , nor the key morphing scalar $\mathit{CMKmul}$ .
Verifier-blindness. The verifier (vendor) cannot link the verification key back to the user's master public key $\mathit{gCMK}$ , or correlate identities across vendors.
Key morphing. The ORKs hold shares of master key $x$ , but the signature verifies under a vendor-specific derived key $x \cdot \mathit{CMKmul}$ - without any party reconstructing either key.

The output is a standard Schnorr signature

(R, S)

that any verifier can validate against

\mathit{gCMKAuth}

, paired with a Vendor User ID (VUID) that is mathematically unlinkable to the user's master identity or to identities at other vendors.

The scheme is pending joint publication with RMIT University. All blind-signature operations use a specialized twisted Edwards curve (

BEd255475

), not Edwards25519.

Loading diagram...

The Problem

The SWE needs to obtain a Schnorr signature on token message

m

, verifiable against a vendor-specific public key

\mathit{gCMKAuth}

, using partial signatures from ORKs that hold shares

x_i

of master ineffable key

x

. Three constraints make this non-trivial:

Key morphing. The verification key is $\mathit{gCMKAuth} = \mathit{gCMK} \cdot \mathit{CMKmul}$ , where $\mathit{CMKmul}$ is vendor-specific. The ORKs hold shares of $x$ , not shares of $x \cdot \mathit{CMKmul}$ . The blinding must incorporate $\mathit{CMKmul}$ so that partial signatures over $x_i$ produce a valid signature under $x \cdot \mathit{CMKmul}$ .
Signer-blindness. The ORKs must not learn $m$ , $\mathit{gCMKAuth}$ , or $\mathit{CMKmul}$ . Any of these would leak which vendor the user is authenticating to or allow cross-session correlation.
Verifier-blindness. The vendor must not link $\mathit{gCMKAuth}$ back to $\mathit{gCMK}$ , or derive $\mathit{CMKmul}$ - either would enable cross-vendor correlation.

Preconditions

Identity Recovery (from PRISM sub-protocol)

Before blind signing begins, the SWE must have recovered the user's vendor-specific identity. This occurs during the Convert phase, in parallel with PRISM authentication (Protocol: PRISM).

Each ORK returns an encrypted identity share as part of its Convert response:

\mathit{userPRISM}_i = Y_{\text{tag}} \cdot x_i

encrypted under the PRISM verifier

v_i

- coupling identity recovery to successful password verification. The SWE interpolates these shares and applies voucher deobfuscation:

Algorithm 1: Identity Recovery

Input:

\{\mathit{userPRISM}_i\}_{i \in S}

where

|S| \ge t

; voucher values

q_{\text{Pub}}

k_{\text{voucher}}

u_{\text{DeObf}}

; ORK identifiers
Output:

\mathit{gUserCMK}

\mathit{CMKmul}

\mathit{VUID}

\mathit{gCMKAuth}

$\mathit{userPRISM} \leftarrow \sum_{i \in S} \mathit{userPRISM}_i \cdot L_i$ where $L_i$ are Lagrange coefficients for ORK $i$ 's identifier and the set of participating ORKs
$\mathit{userPRISMdec} \leftarrow \mathit{userPRISM} \cdot \textsf{DH}(q_{\text{Pub}}, k_{\text{voucher}})$
$\mathit{gUserCMK} \leftarrow \mathit{userPRISMdec} \cdot u_{\text{DeObf}}^{-1}$
$\mathit{CMKmul} \leftarrow \textsf{SHA-512}(\mathit{gUserCMK}).\text{first256bits}$
$\mathit{VUID} \leftarrow \textsf{SHA-512}(\mathit{gUserCMK}).\text{last256bits}$
$\mathit{gCMKAuth} \leftarrow \mathit{gCMK} \cdot \mathit{CMKmul}$
return $\mathit{gUserCMK}$ , $\mathit{CMKmul}$ , $\mathit{VUID}$ , $\mathit{gCMKAuth}$

The result

\mathit{gUserCMK}

equals

\mathit{gVVK} \cdot CMK

after deobfuscation - the user's CMK public key projected through this vendor's identity space. At no point is the

CMK

private key reconstructed.

Per-ORK State

Each ORK

i

holds:

$x_i$ - Shamir share of the joint $CMK$ private key.
$\mathit{gCMK} = G \cdot CMK$ - the user's master public key (public value, computed during registration).

Nonce Commitment

During the Convert phase, each ORK generates and commits a fresh nonce:

r_i \overset{\$}{\gets}

ℤ

_\ell, \quad R_i \leftarrow G \cdot r_i

R_i

is returned to the SWE.

r_i

is cached server-side and destroyed after use.

Protocol Flow

Blind Message Preparation (SWE)

After recovering

\mathit{gCMKAuth}

\mathit{CMKmul}

, and

\mathit{VUID}

(Algorithm 1), the SWE aggregates nonces and prepares the blinded signing request.

The blinded challenge

\mathit{blurH}

absorbs three values the ORKs must not learn: the real challenge

e

(encoding

R

\mathit{gCMKAuth}

, and

m

), the key morphing scalar

\mathit{CMKmul}

, and the blinding factor

j_4

. To any ORK,

\mathit{blurH}

is indistinguishable from a random scalar.

Partial Blind Signing (per-ORK)

Loading diagram...

Each ORK computes a standard Schnorr partial signature structure - its Lagrange-weighted nonce plus its Lagrange-weighted share multiplied by the blinded challenge. The ORK sees only

\mathit{blurH}

(opaque) and uses its own

r_i

and

x_i

. No inter-node communication is required.

Rogue-key resistance: The SWE sends a single

\mathit{blurH}

to all ORKs; each computes Lagrange coefficients locally from

\mathit{ORKsBitwise}

, preventing a malicious dealer from injecting crafted coefficients.

What the ORK verifies before signing: PRISM authentication succeeded. The voucher is valid. It has not already signed for this session (nonce cache destroyed on use).

Signature Aggregation and Unblinding (SWE)

Algebraic correctness proof:

\mathit{blindS} = \sum (r_i + \mathit{blurH} \cdot L_i \cdot x_i) = \underbrace{\sum r_i}_{= r} + \mathit{blurH} \cdot \underbrace{\sum L_i \cdot x_i}_{= x}

By Shamir reconstruction,

\sum r_i = r

(joint nonce) and

\sum L_i \cdot x_i = x

(joint CMK private key) - both reconstructed only as implicit terms within the sum, never as explicit values.

Substituting

\mathit{blurH} = e \cdot \mathit{CMKmul} \cdot j_4

\mathit{blindS} = r + e \cdot \mathit{CMKmul} \cdot j_4 \cdot x

Unblinding:

S = \mathit{blindS} \cdot j_4^{-1} = r \cdot j_4^{-1} + e \cdot \mathit{CMKmul} \cdot x

R = \mathit{gCMKR} \cdot j_4^{-1} = G \cdot r \cdot j_4^{-1}

Verification (standard Schnorr, any party holding

\mathit{gCMKAuth}

G \cdot S = G \cdot (r \cdot j_4^{-1} + e \cdot \mathit{CMKmul} \cdot x) = R + e \cdot \mathit{gCMKAuth} \quad \checkmark

where

e = H(R, \mathit{gCMKAuth}, m)

. The signature is mathematically indistinguishable from one produced by a single holder of private key

x \cdot \mathit{CMKmul}

Curve Architecture

The protocol operates over two elliptic curves with strict separation of purpose:

Curve	Used For
Curve25519	PRISM password verification, ECDH session keys, challenge encryption (Protocol: PRISM)
BEd255475	All blind-signature operations: nonce generation, partial signing, aggregation, verification

Curve Parameters

The BEd255475 specialized curve operates with the following parameters:

Parameter	Value
Curve form	Twisted Edwards: $ax^2 + y^2 = 1 + dx^2y^2$
Field prime $p$	$2^{255} - 475$ = `57896044618658097711785492504343953926634992332820282019728792003956564819493`
Coefficient $a$	$-1$
Coefficient $d$	$-26879$
Subgroup order $\ell$	`14474011154664524427946373126085988481619609633285553862260303847718958643849`
Cofactor $h$	$4$
Generator $G$	$(x, y) =$ (`52206735679238871955591785439564750012055913480585550766900356151549289562200`, `6`)
Generator (compressed)	`0600000000000000000000000000000000000000000000000000000000000000`

Design notes:

The coefficient

a = -1

matches Edwards25519, permitting the same optimized twisted Edwards arithmetic (extended coordinates, unified addition formulas). The coefficient

d = -26879

defines the curve's distinct algebraic structure - the group of points on this curve and the group of points on Edwards25519 are mathematically independent, which is the property that makes cross-domain signature transfer impossible.

The subgroup order

\ell

is approximately twice that of Edwards25519's subgroup order (

\ell_{25519} \approx 7.24 \times 10^{75}

), yielding a marginally larger security margin under Pollard's rho (both curves fall within the ~128-bit security class).

The more significant practical advantage is the cofactor. At

h = 4

(compared to Edwards25519's

h = 8

), the small-subgroup structure is simpler: fewer low-order points, fewer edge cases in point validation and signature verification, and a smaller cofactor clearing multiplier during verification (

4 \cdot G \cdot S

rather than

8 \cdot G \cdot S

). The cofactor-8 complications that motivated the Ristretto abstraction for Edwards25519 are reduced - the curve requires standard cofactor clearing but not the additional algebraic machinery needed to safely handle an order-8 cofactor group.

Why curve-level domain separation is required:

Without it, a malicious Secure Web Enclave (SWE) could craft a blinded message that, when signed by the ORK swarm, yields a valid standard Ed25519 signature on an attacker-chosen payload - weaponizing the signing network as a general-purpose signing oracle with no verifier able to distinguish the result from a legitimate signature. Standard domain separation techniques (hash prefixing, DOM flags) operate within the same algebraic group and were found to be malleable by a malicious SWE during adversarial analysis at RMIT University. Curve-level separation places the blind-signature ceremony in a mathematically distinct algebraic structure, making cross-domain signature transfer impossible regardless of SWE behavior. The specialized curve also provides a larger number space and better performance for the blind-signature operation.

Double-Blind Analysis

Blind Toward Signers (ORKs)

The ORKs see only

\mathit{blurH} = e \cdot \mathit{CMKmul} \cdot j_4

. To extract any useful value, an ORK would need to separate three unknown scalars multiplied together:

Message $m$ is hidden. It is an input to $e = H(R, \mathit{gCMKAuth}, m)$ . The ORKs know $\mathit{gCMKR}$ but not $j_4$ , so cannot compute $R = \mathit{gCMKR} \cdot j_4^{-1}$ . Without $R$ or $\mathit{gCMKAuth}$ , the hash cannot be computed.
Verification key $\mathit{gCMKAuth}$ is hidden. Same reasoning - it is a hash input, never transmitted to ORKs.
Key morphing scalar $\mathit{CMKmul}$ is hidden. Multiplied by random $j_4$ in $\mathit{blurH}$ . Recovering $\mathit{CMKmul}$ requires $j_4$ , held only by the SWE.

Blind Toward Verifier (Vendor)

The vendor receives

(R, S)

\mathit{gCMKAuth}

, and

\mathit{VUID}

. It can verify the signature but:

Master key $x$ is hidden. Standard Schnorr DLP hardness.
Master public key $\mathit{gCMK}$ is hidden. The vendor sees $\mathit{gCMKAuth} = \mathit{gCMK} \cdot \mathit{CMKmul}$ . Recovering $\mathit{gCMK}$ requires $\mathit{CMKmul}$ , derived from $\mathit{gUserCMK} = \mathit{gVVK} \cdot x$ . The vendor knows $\mathit{gVVK}$ but not $x$ , so cannot compute $\mathit{gUserCMK}$ or derive $\mathit{CMKmul}$ .
Cross-vendor correlation is impossible. Different vendors have different $\mathit{gVVK}$ values, producing different $\mathit{gUserCMK}$ , different $\mathit{CMKmul}$ , and different $\mathit{gCMKAuth}$ - all unlinkable under DLP hardness.

Bidirectional Identity Isolation

The derivation chain enforces strict compartmentalization:

CMK ORKs hold only user key shares ( $x_i$ , $s_i$ ). They have no data about which vendors a user is associated with - the identity shares $\mathit{userPRISM}_i$ are obfuscated by voucher tags and indistinguishable from random curve points.
Vendors and VVK ORKs hold $\mathit{VUID}$ and $\mathit{gCMKAuth}$ for their own users. They have no knowledge of which CMK ORKs serve their users, and no vendor knows which other vendors their users are associated with.
Compromised password, limited reach. Even with a correct password, an attacker who compromises the PRISM product can derive $\mathit{gUserCMK}$ for a specific vendor (the one whose voucher was used) - but cannot discover which other vendors the user is associated with, because that requires separate vouchers from separate vendors.

Malicious SWE Analysis

A malicious SWE controls

j_4

\mathit{CMKmul}

\mathit{gCMKAuth}

, and

m

. After receiving

\mathit{blindS}

, it can produce a valid signature on any message under any

\mathit{gCMKAuth}

of its choosing - but only on the specialized curve.

Without curve separation: The SWE could set

\mathit{CMKmul} = 1

and

\mathit{gCMKAuth} = \mathit{gCMK}

, producing a valid Ed25519 signature by the user's master key on an attacker-chosen message. This turns the ORK swarm into a general-purpose Ed25519 signing oracle.

With curve separation BEd255475: The signature is valid only on the specialized curve. No standard Ed25519 verifier will accept it. Within the Tide system, a rogue signature for a fraudulent vendor produces an identity bound to that fraudulent vendor's

\mathit{gVVK}'

- it cannot impersonate an honest vendor because

\mathit{VUID}

and

\mathit{gCMKAuth}

are derived from the vendor's own public key via the voucher system.

Standard domain separation techniques (hash prefixing, DOM flags) were evaluated during adversarial analysis at RMIT and found insufficient - they operate within the same algebraic group, and a malicious SWE could craft inputs to bypass them. Curve separation places the ceremony in a distinct algebraic structure, making cross-domain signature transfer impossible regardless of SWE behavior.

Notation Reference

Symbol	Description
$G$	Generator point on specialized twisted Edwards curve ( $P = 2^{255} - 475$ )
$A \cdot b$	Scalar-point multiplication
$H(\cdot)$	SHA-256 unless stated otherwise
$x$ , $x_i$	Joint CMK private key / ORK $i$ 's Shamir share
$\mathit{gCMK}$	User's master public key: $G \cdot x$
$\mathit{CMKmul}$	Vendor-specific key morphing scalar: $\textsf{SHA-512}(\mathit{gUserCMK}).\text{first256bits}$
$\mathit{gCMKAuth}$	Vendor-specific authentication public key: $\mathit{gCMK} \cdot \mathit{CMKmul}$
$\mathit{VUID}$	Vendor User ID: $\textsf{SHA-512}(\mathit{gUserCMK}).\text{last256bits}$
$\mathit{gUserCMK}$	User's CMK projected through vendor's identity space: $\mathit{gVVK} \cdot x$ (after deobfuscation)
$\mathit{gVVK}$	Vendor's long-term public key
$r_i$ , $R_i$	ORK $i$ 's nonce scalar / public point: $R_i = G \cdot r_i$
$\mathit{gCMKR}$	Aggregate nonce point: $\sum R_i$
$j_4$	Random blinding scalar (SWE-generated)
$e$	Schnorr challenge: $H(R, \mathit{gCMKAuth}, m)$
$\mathit{blurH}$	Blinded challenge: $e \cdot \mathit{CMKmul} \cdot j_4$
$L_i$	Lagrange coefficient for ORK $i$
$m$	Token message: $\{\mathit{VUID}, \text{``auth''}, \mathit{expiry}, K, \mathit{sessionId}\}$
$K$	Vendor session public key (DPoP binding)
$n$ , $t$ , $I$	Total ORKs / threshold / responding ORKs

Actors & Trust Assumptions

Actor	Role	Trust Assumption
Secure Web Enclave	Generates $j_4$ , prepares $\mathit{blurH}$ , aggregates and unblinds partial signatures, performs local verification.	Potentially adversarial. Malicious SWE can produce blind signatures on arbitrary messages - but only on the specialized curve. Cannot weaponize ORK swarm for Ed25519 signing.
CMK ORK Swarm	Each computes partial blind signature using its share $x_i$ and committed nonce $r_i$ .	Up to $n - t$ may be malicious. Learns nothing about $m$ , $\mathit{gCMKAuth}$ , or $\mathit{CMKmul}$ .
Vendor (Verifier)	Verifies standard Schnorr signature against $\mathit{gCMKAuth}$ .	Learns $\mathit{VUID}$ and $\mathit{gCMKAuth}$ for its own users only. Cannot link to master identity or other vendors.

Security Properties

Property	Mechanism	Assumption
No party holds the signing key	CMK Shamir-shared; $x$ never reconstructed; only $\mathit{gCMK}$ exists in the SWE	Threshold assumption. DLP hardness on specialized curve
No party can forge a token	Forgery requires 14 simultaneous compromises within a single ceremony window	Threshold + DLP
Double-blind construction	$\mathit{blurH} = e \cdot \mathit{CMKmul} \cdot j_4$ absorbs challenge, morphing scalar, and blinding factor into a single opaque scalar. ORKs cannot decompose; vendor cannot recover $\mathit{gCMK}$ from $\mathit{gCMKAuth}$	DLP hardness. Blinding factor randomness
Vendor-unlinkable identity	$\mathit{VUID}$ and $\mathit{gCMKAuth}$ derived from $\mathit{gVVK} \cdot CMK$ ; different vendors yield different, uncorrelatable identifiers	DLP hardness. Voucher-enforced vendor binding
Bidirectional identity isolation	CMK ORKs: no vendor metadata. Vendors: no CMK ORK metadata. Compromised password: no vendor discovery beyond the specific voucher used	Structural property
Malicious SWE containment	Rogue signatures valid only on specialized curve; rogue identities bound to attacker's own $\mathit{gVVK}'$	Curve independence (distinct algebraic groups)
Signature domain separation	All blind-signature operations on $BEd255475$ ; cannot be repurposed as valid $Ed25519$	Curve independence
Rogue-key resistance	Each ORK computes Lagrange coefficients locally from declared participation set	-
Nonce security	Per-ceremony fresh $r_i$ ; cached and destroyed after single use; $j_4$ blinding prevents ORKs from predicting aggregate $R$	Nonce randomness. Cache destruction

Call Summary

Call	Direction	Payload (Blind-Signature component)	State Change
Convert	SWE → all $n$ ORKs	Receive: $R_i$ , encrypted $\mathit{userPRISM}_i$	ORK caches $r_i$
Authenticate	SWE → $I$ participating ORKs	Send: $\mathit{blurH}$ , $\mathit{ORKsBitwise}$ . Receive: $\mathit{encSig}_i$	ORK destroys $r_i$ cache

Between calls, the SWE recovers identity (Algorithm 1), derives credentials, and prepares the blind message (Algorithm 2).

References

Komlo, C. & Goldberg, I. (2020). FROST: Flexible Round-Optimized Schnorr Threshold Signatures. SAC 2020.
Hall, J. L., Hertzog, Y., et al. (2023). Manifesting Unobtainable Secrets: Threshold Elliptic Curve Key Generation using Nested Shamir Secret Sharing. arXiv:2309.00915. Presented at AustMS 2021.
RMIT University - Double-Blind Threshold Signature Scheme. (Paper pending publication.)
Tide Developer Documentation: docs.tidecloak.com