During the Autumn of 2023, Google engaged NCC Group to conduct a security assessment of the white paper entitled “RSA Blind Signatures with Public Metadata”, along with the corresponding IETF draft for “Partially Blind RSA Signatures”. The work is inspired by the growing importance of anonymous tokens for the privacy of real-world applications. In particular, the paper aims to modify the standard RSA Blind signature protocol such that signatures can only be generated for a specific choice of public metadata.
The security assessment of the protocol was performed through an analysis of both the whitepaper and online draft, with direct communication with the Google team. Additionally, a SageMath implementation of the protocol was written following the specification outlined in the IETF draft. The review was performed by three consultants over two weeks for a total of fifteen person-days.
In early November 2023, a retest was performed by two consultants, for four person-days of additional efforts.