Let’s try (and fail) to break RSA blind signatures today! Google One recently released a VPN service, with the goal of protecting users’ privacy as they browse the web (explainer, implementation). One interesting detail is that it uses RSA Blind Signing to decouple a user’s authentication (signing) from their internet browsing (redemption), so that users have a stronger guarantee that their online activity won’t be tied back to their identity. I was the cryptography reviewer for this project, so I took the opportunity to understand how RSA Blind Signatures work. In this writeup, I’ll first give a brief primer on…

Cathie Yun

Cryptographer, climber, explorer. Previously working on ZK proofs at Chain/Interstellar, now on Google’s cryptography security team.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store