Temperate Blind Signature Scheme for Particular Subspaces

Abstract

The development of information security mechanisms follows a cyclic refinement model: new cryptographic solutions are proposed, their limitations are studied, and improvements are introduced to overcome those limitations. This paper contributes to this process by proposing a blind signature scheme with tunable anonymity, adapted to application-specific requirements. The core of the model is a parameter T that allows the user to balance confidentiality with transparency from the settings and adapt the signature behavior to the particular requirements of a beneficiary. Compared to the models currently used in blind signature protocols, this approach offers improved resistance to brute force attacks and improves security against adaptive and man-in-the-middle threats. Due to the reduced computational power requirements needed to calculate cryptographic primitives, it is usable for devices with power constraints. Being able to be integrated into a blockchain infrastructure, the process supports both persistent and verifiable data records, which gives it flexibility to adapt to different types of decentralized platforms.

1. Introduction

Digital signatures are an integral part of classical and contemporary cryptographic systems, participating in the process of securing the transmission of information by ensuring integrity checks, authenticating data sources, and preventing the denial of identity. The protection of electronic communications and transactions in our world is interconnected and depends on these technologies. The first to develop a widely used solution was David Chaum, who proposed a blind signature scheme that allows users to obtain verified signatures for messages, while hiding the content describing the signer.

This particularity makes blind signature schemes especially useful for applications that require the protection of signatories, such as anonymous digital payment solutions and electronic voting systems, as well as authentication mechanisms in distributed networks. Despite their widespread use and efficient performance, conventional blind signature schemes represent a general/principal description of such a system and cannot be the solution to certain subclasses of problems existing in practical applications. For example, IoT devices operate with limited resources, which requires high efficiency, in terms of the available computing power to be allocated to cryptographic calculations. Applying blind signature methods in mathematical contexts, including vector subspaces, introduces additional complexities that require adaptations for compatibility with a particular case. Adapting blind signature procedures in various domains requires solutions that ensure both anonymity and efficiency, where the latter parameter is defined for each subclass of problems.

In some cases, absolute anonymity in IoT applications exposes systems to vulnerabilities, because it makes the surveillance and enforcement of security measures difficult. Existing methods are general and sometimes inefficient and incompatible with certain particular requirements when applied to systems based on vector subspaces or other mathematical structures. For this spectrum of cases, the “moderated blind signature” is addressed, which offers a possible solution in this sense to those described. The process adapts anonymity and confidentiality to the requirements of the application, thus offering a greater degree of flexibility compared to conventional methods. This mechanism allows users to benefit from the advantages of anonymity, while maintaining a model of malicious user detection and security. This article presents a new approach based on blind signatures, that is mitigated, which offers efficient security solutions, adapted to different situations, while addressing the challenges identified previously.

Specifically, the objectives pursued are the following:

• Description of the current state of knowledge with the existing limitations for certain particular cases of subclasses of problems defined from current practice.
• Introduction and formalization of the concept of “temperate blind signature” in cryptography, highlighting how it allows a balance between anonymity and accountability.
• Development of a new cryptographic scheme that is optimized for use in particular subspaces, such as vector subspaces, and that meets the needs of IoT applications.
• The rigorous evaluation of the performance and security of the proposed scheme, both theoretically and practically, demonstrating its functionality and effectiveness.

This article presents a technique that can open a series of developments of personalized cryptographic solutions with adaptable efficiency parameters for various cases, thus addressing the specific challenges related to the security of information transferred in those systems.

2. Related Work

Various methods to improve the anonymity, efficiency, or adaptability of blind signatures have been studied and some of their results and limitations can be found in the existing scientific literature. This section reviews the key contributions of the existing studies and identifies their limitations as well as the applicability of each class of proposed solutions.

Through their research, Pointcheval and Stern [1] created a theoretical basis for defining various classes of secure blind signatures. These researchers established a formal security for blind signature schemes, with a predominant focus on maintaining the anonymity of the signer and resistance to forgery. Their research serves as a reference point, but represents a general scheme and does not address the challenge of efficiency in constrained environments such as IoT.

Fan and Lei [2], similarly to in [3,4,5], developed a variants of quadratic residual method that achieved lower computational complexity than previous methods. The method does not work efficiently in certain subspaces, while distributed applications remain limited.

The studies of Kim et al. [6] introduced a fixed-threshold blind signature scheme that allows multiple parties to jointly sign documents. Distributed environments benefit from this capability, but face operational complexity issues in particular applications.

Tan’s work, from [7], and other variants in [8,9,10], proposes a procedure that assumes the elimination of the need for complex pairing operations. This brings significant efficiency benefits, but does not take into account the degree of anonymity risk required in certain IoT or blockchain scenarios.

More recent code-based approaches include the contribution of Siyuan Chen et al. [11], who developed a quantum-splitting-resistant method using error-correcting codes. Although this work proposes a solution that is theoretically robust, integration into vector subspaces and complexity reduction remain unsolved challenges, as well as the current implementation, which should contain IoT with quantum computing models, which is only a long-term goal.

Similarly, Ma and Du [12] investigated elliptic curve-based signatures and model customization attributes, assuming improved anonymity and confidentiality. However, using general elliptic curves to create cryptographic primitives can significantly increase the required computational power and thus limit applicability in resource-constrained environments.

Huang et al. [13], with other variations of the same way of approaching the same issue in [14,15], introduced the concept of partially blind signatures, which proposes a balance between anonymity and transparency. This approach is useful in corporate systems, such as financial ones, as well as in public applications, such as electoral processes, but is not optimal when implementing in applications that require the parameterization of the degree of anonymity.

Omar et al. [16], on the other hand, proposed a multivariate method that extends the scope of blind signatures and offers a certain degree of flexibility for more complex scenarios than those stated, but the range of parameterization was restricted in order to implement the model they proposed.

Hanzlik [17] proposed a non-interactive random message scheme, useful in high-latency environments, but which does not allow for the degree of anonymity to be adjusted.

Xiu et al. [18] proposed a unique code-based procedure that focuses on electronic forensic applications. Their work increases the efficiency and security for certain individual cases of blind signatures. This offers a viable alternative in situations where increased confidentiality but also a certain degree of non-repudiation is required. Other ways, but with the same limitations, can be found in [19,20].

Regarding authentication, Braeken [21] proposes a detailed study comparing the advantages and disadvantages of public-key and symmetric cryptography in distributed environments, from the perspective of the cryptographic primitives used and in the case of signatures. This is a starting point for how parameterizations that balance anonymity with non-repudiation can be constructed.

Guilhem et al. [22] developed new criteria for assessing the security of key exchanges and proposed a way to highlight weaknesses in traditional methods, which can be described as a kind of audit of these models and is useful in designing the parameters of a particular signature.

Other researchers, such as Wu et al. [23] and Jiang et al. [24] investigated multi-factor authentication protocols, and therefore improved security, but did not address the subdomains of particular credentials used in scenarios that are specific to IoT.

More recently, the works of Monica Lamba [25] and Dixit et al. [26] extended the use of two-factor authentication in IoT and healthcare ecosystems and emphasize the importance of integrating a balance of anonymity and accountability for this type of signature. Their studies showed that current protocols are efficient as a general technique, but require customization for each class of applications.

Kruzikova et al. [27] analyzed the time factors of multi-factor authentication and highlighted their influence on the perceived security and user satisfaction of such a module. This aspect is decisive in terms of the implementation domain in particular IoT ecosystems, but no concrete parameterization models are provided for such a case.

The work of Upmanyu et al. [28] for blind biometric authentication offers an interesting approach for this class of problems, but its limitations come from the modules necessary to implement this technique as well as the complexity of biometric calculations, from the point of view of the particularities of the devices on which they are introduced, which may limit its use in practice.

Recent works have also explored advanced features in signature schemes that align with future-proofing requirements. For example, lattice-based proxy signature schemes with message recovery [29] enable efficient verification and integrity preservation in constrained channels, a desirable feature for IoT. Similarly, research into quantum-secure blockchain systems [30] and threshold post-quantum cryptography [31] highlights the urgency of designing adaptable schemes that ensure both privacy and auditability in decentralized environments. Our proposal complements these directions by introducing a customizable anonymity parameter (T), which could potentially be extended into these frameworks with minimal structural modification.

The analysis shows that, despite the numerous contributions in the specialized literature, there are discrepancies between anonymity and responsibility in the implementation in certain environments. In this sense, this paper presents a proposal for a scheme that has as its adaptability requirements for addressing the moderate integration of signature anonymity with the degree of security of the communication channel, designed for the specific case of vector subspaces with applicability in schemes that require the use of IoT.

3. Preliminary

In order to understand the basic elements of the proposed scheme, in order to increase its ability to be implemented in various other subcategories by third-party users, it is necessary to define some important terms. In this sense, blind signature schemes allow users to obtain valid signatures of messages while hiding the content of the message from the signatory. The system assumes a certain degree of confidentiality of the messages through its signature mechanism, while maintaining a high degree of anonymity of the sender. The scheme proposed by us addresses these aspects by tempering the parameters with certain elements of primality, thereby being able to extend the parameterization principle and various levels of anonymity are implementable, which was ready to be implemented in the systems needed in research such as [32,33], customizable according to the specific requirements of a beneficiary, to satisfy the different application requirements in specific cases of function.

In order to create a coherent and understandable flow of the presentation, in this article, the following symbols will be used for the calculation of cryptographic primitives:

• M: The message to be signed.
• $K_{priv}$: The private key used by the signer to generate the signature.
• $K_{pub}$: The public key of the signer, used to verify the signature.
• $\sigma$: The signature generated on the message M.
• T: The temperature parameter, which controls the level of anonymity in the signing process.
• $S(M,T)$: The tempered signing function, which applies the signature to the message M, taking into account the parameter T.
• $V(\sigma ,M,T)$: The verification function, used to validate the signature $\sigma$ against the message M and the parameter T.

Each of these notations will be used to formalize the proposed algorithm in the next section.

In developing the proposed scheme, we consider the following assumptions:

• Particular subspaces: All subspaces used are finite, well-defined, and compatible with the proposed mathematical structure.
• Secure keys: All participants possess securely generated keys, according to accepted standards.
• Active attacker model: We assume a security model that includes attackers capable of intercepting, modifying, and manipulating messages in transit.
• Limited resources: The scheme is designed to work efficiently even in environments with low computing resources, such as IoT devices.

These assumptions provide an essential basic framework that can support both the implementation and analysis of the scheme, while allowing for the detailed explanation of the algorithmic model and its customization.

4. Proposed Scheme

4.1. Key Generation

The signer generates a key pair $(K_{priv},K_{pub})$ using a standard cryptographic algorithm (e.g., RSA or ECC):

• $K_{priv}$: Private key, used to sign messages.
• $K_{pub}$: Public key, used to verify signatures.

The keys are generated such that $K_{pub}$ is derivable from $K_{priv}$. For RSA, for example:

$$K_{pub}=(e,n),K_{priv}=(d,n)$$

(1)

where n is the product of two large primes, e is the public exponent, and d is the private exponent, calculated as

$$e·d\equiv 1\left(mod\phi \right(n\left)\right).$$

(2)

4.2. Signature

Signing a message M involves blinding it and using the private key for signing:

• Blinding the message: The recipient calculates $M^{\prime }$ such that

  $$M^{\prime }=M·r\left(modn\right)$$

  (3)

  where r is a secret random factor chosen by the recipient.
• Blind signing: The signer calculates the signature ${\sigma }^{\prime }$ on the blinded message $M^{\prime }$:

  $${\sigma }^{\prime }={\left(M^{\prime }\right)}^{K_{priv}}\left(modn\right).$$

  (4)
  The parameter T adjusts the level of anonymity by modifying the cryptographic operations.
• Transmitting the blinded signature: The signature ${\sigma }^{\prime }$ is transmitted to the recipient.

4.3. Eliminate the Blinding

The recipient reverses the blinding process using the factor r:

$${\sigma }^{\prime }·r^{-1}\left(modn\right).$$

(5)

The signature $\sigma$ is now valid for the original message M.

4.4. Adjusting the Anonymity Level with T

The “temperature parameter”, denoted by T, serves as a central control element for the degree of signature anonymity in the proposed scheme. This modification allows the model to adapt the functional scheme to various particular requirements of concrete applications, from maximum anonymity to partial transparency.

4.4.1. Definition of the Parameter T

Formally, T can be interpreted as a tuning variable that influences the mathematical properties of the signature $\sigma$. The choice of the value of T directly affects the operations involved in generating and verifying the signature. For example,

• In a scenario with large T, the signature becomes more difficult to correlate with the message M or the signer. This implies the use of increases the resistance against data correlation.
• In a scenario with a small T, certain elements of the signature may intentionally reveal additional information, such as the identity of the signer or details about the structure of the message M, depending on the application requirements.

4.4.2. Implement the T Parameter

To integrate T into the cryptographic scheme, adjustments can be made in several steps:

• Message blinding: The factor r can be chosen as a function of T. For example, if T is large, r must be a random number with many bits, which increases the computational complexity for an attacker to eliminate the orbit.
• Signing: The signing function $S(M,T)$ is designed to include T as an input parameter. The formula for the orbit signature ${\sigma }^{\prime }$ becomes:

  $${\sigma }^{\prime }={(M^{\prime }·T)}^{K_{priv}}\left(modn\right),$$

  (6)

  where T modulates the confidentiality level of the signature.
• Verification: The verification function $V(\sigma ,M,T)$ must take into account the value of T to correctly validate the signature:

  $$V(\sigma ,M,T)=Trueif{\sigma }^e\left(modn\right)=M·T.$$

  (7)

4.4.3. Implications of Anonymity Adjustment

The parameter T gives the proposed method the flexibility of balancing between anonymity and security, which was described in the preamble, leaving it up to the various implementations to establish, this fine-tuning being done according to the particular requirements of each implementation. In applications such as electronic voting, where absolute anonymity is the determining factor, T can thus be set to a large value to completely hide the voter’s identity but additional channel security will be required. In contrast, in applications such as financial auditing, a small value of T allows the signature to reveal only relevant information, while increasing the degree of attack resistance for sensitive data.

4.5. Signature Verification

Verification involves the use of the public key $K_{pub}$:

• Mathematical validity: It is verified that

  $${\sigma }^e\left(modn\right)=M,$$

  where e is the public exponent of $K_{pub}$.
• Confirmation of the parameter T: The Algorithm 1 verifies that the level of anonymity specified by T is respected.
• Verification result: If both conditions are met, the signature $\sigma$ is considered valid.

4.6. Scheme Properties

The proposed method is characterized by a series of features that make it suitable for a subclass of applications with low computing power, such as Internet of Things (IoT) applications where it is not possible to implement a centralized model.

First, the method offers an adjustable level of anonymity—an essential feature in scenarios where the confidentiality of the entities participating in the secure communication process has different degrees of security. This flexibility is ensured by the parameter T, which allows the degree of anonymity to be adjusted.

Second, the method is characterized by the possibility of setting the computational efficiency to minimize resource consumption, but if the degree of resistance to attacks is desired to be increased, the parameters are modified, depending on the computing power available in the system in which it is implemented. Critical operations, such as anonymization and signing, are performed in a simplified way, which makes them suitable for implementation on devices with limited resources, such as IoT systems.

Another notable feature is the compatibility of the method with certain subspaces. This is due to the fact that its mathematical structure is adapted to operate in finite vector subspaces, which facilitates its application without the need for mathematical primitives that require complex calculations to determine the working fields, for example, primitive polynomials of high degree. This compatibility allows the creation of versions for areas such as signal processing and cryptographic data analysis.

Last but not least, the procedure benefits from an adjustable degree of control parameters, of security by choosing the fields over which the control vectors of the cryptographic primitives are defined, making the implementations resistant to brute force attacks or those based on statistical analysis.

Algorithm 1: Proposed Scheme for Tempered Signatures

4.7. Integration into Distributed Applications

Integrating the scheme into distributed applications such as blockchains or IoT networks can provide a robust framework for decentralized signature storage and validation. This step extends the applicability of the scheme beyond primary cryptographic processes to a scalable system.

4.7.1. Blockchain and the Role of the Scheme

A blockchain is a distributed ledger that stores transactions or messages in an immutable manner. The proposed scheme can be used to authenticate data transmitted to the blockchain, ensuring their integrity and confidentiality. Each signature $\sigma$ becomes cryptographic proof that the message M comes from an authentic signatory and that the data has not been altered.

Signature validation: Blockchain nodes use the public key $K_{pub}$ to validate the signature $\sigma$ by checking the equation:

$${\sigma }^e\left(modn\right)=M.$$

This validation can be performed simultaneously by multiple nodes and in this way a way of system scalability can be built.

Data storage: After validation, messages M and signatures $\sigma$ are recorded in blockchain blocks. The anonymity provided by T allows sensitive data to be kept confidential, while providing traceability and auditability.

4.7.2. IoT and Device Authentication

In an IoT network, devices can use the proposed scheme to authenticate themselves to other devices or a central server. For example,

• The IoT device generates the message M: the message may contain data about sensor performance, device status, or other relevant information.
• The message M is signed using the private key $K_{priv}$: the device applies the scheme described above to produce the signature $\sigma$.
• The message and signature are sent to the server: the server validates the signature using the public key $K_{pub}$, guaranteeing that the message comes from an authorized device.

The benefits of using this scheme in distributed applications are evident in several ways. Immutability is one of the main advantages, since validated signatures are permanently stored in the blockchain. This property guarantees data integrity, preventing any possibility of subsequent modification, which gives them high reliability for critical applications.

Confidentiality is ensured through the flexibility offered by the T parameter, which allows the level of anonymity to be adjusted. Thus, IoT devices or parties involved in transactions can benefit from the adequate protection of their identity, reducing the risks of exposing sensitive data, like in collected data storage in databases used in [34,35].

In addition, blockchain improves the auditability of the system, keeping a verifiable history of all transactions and signatures. This facilitates subsequent inspection and contributes to the transparency of the entire process, which is particularly valuable in the context of strict regulations or subsequent investigations.

The scheme also stands out for its scalability, which is designed to work efficiently in distributed systems. The simplicity of cryptographic verification operations allows it to be adapted to large networks and high transaction volumes, without compromising performance or security.

4.7.3. Application Example: IoT Authentication

To secure communications and authenticate devices, it is necessary to stage three elements: creating a safe zone through security policies, authenticating the entities involved, and securing communications. In the particular case of IoT ecosystems, the centralization of calculations for cryptographic primitives is used. When interacting in distributed environments, such as blockchain, and certain centralizations are not possible, double authentication is necessary, with the generation of cryptographic primitives on each participating system. The proposed scheme allows device authentication and protects sensitive information by implementing customizable anonymity. At the same time, this can be achieved through multiple nodes, to create a degree of system scalability.

Suppose a network of smart electricity meters is required to regularly transmit consumption data to a central server and then to a blockchain network for storage and verification. In this case, the meters must verify their authenticity without revealing individual consumer data. For this particular case, the customization of the proposed solution will be performed as follows:

The authentication steps are

• Message generation M: Each meter generates a message M that contains information about energy consumption (for example, M = consumption: 327 kWh).
• Message obfuscation: To protect sensitive data, the meter applies obfuscation:

  $$M^{\prime }=M·r\left(modn\right),$$

  where r is a secret random factor, and n is the cryptographic modulus used by the signature scheme.
• Transmitting the obfuscated message: The obfuscated message $M^{\prime }$ is sent to the central server, which plays the role of signer.
• Signing the blinded message: The server applies the signature using the private key $K_{priv}:$

  $${\sigma }^{\prime }={\left(M^{\prime }\right)}^{K_{priv}}\left(modn\right)$$
  The parameter T is adjusted to control the level of anonymity. For example,
  • T high: The signature ensures complete anonymity of the meter.
  • T low: The signature allows the device to be identified for auditing.
• Transmitting the blinded signature: The server returns the signature ${\sigma }^{\prime }$ to the meter.
• Removing the blinded: The meter reverses the blinded signature to obtain the final signature:

  $$\sigma ={\sigma }^{\prime }·r^{-1}\left(modn\right).$$
  The signature $\sigma$ is now valid for the original message M.
• Transmission to blockchain: The message M and the signature $\sigma$ are transmitted to the blockchain for validation and distributed storage.

Blockchain nodes verify the signature $\sigma$ using the public key $K_{pub}$:

$${\sigma }^e\left(modn\right)=M.$$

If the equation is satisfied, the message M is considered authentic and is recorded on the blockchain, the latter storing only the validated information, providing transparency and data integrity.

IoT authentication benefits from the proposed method by the possibility of flexible functionality and security standards established in accordance with each subgroup of components participating in the protocol. By adjusting the parameter T, IoT devices can regulate their data confidentiality. High levels of anonymity protect users in residential areas, while industrial applications benefit from transparent processes that allow auditing and monitoring. The computational power is based on basic cryptographic functions, such as blinding and signature operations, which makes the method suitable for devices with minimal computing power. Due to the properties of the distributed model of blockchain technology, a series of scalability features can be provided that allow the simultaneous management of multiple IoT devices. The security mechanism is based on a random factor r and message blinding to prevent attackers from accessing the original data or determining the signature without the private key $K_{priv}$. The system enables auditability, as parameter adjustments allow investigators to identify devices during post-event analysis to detect fraud or identify unauthorized use. The proposed method provides privacy and an adaptive security level, while maintaining efficiency, thus meeting the requirements of IoT networks. Implementation on a blockchain platform creates the premises for distributed data storage and complete auditability. This makes this solution suitable for various ranges of related applications, such as smart energy subnets under each meter queried by this system and thereby, industrial fleet management.

5. Security Analysis

The proposed tempered signature scheme is based on parameterized cryptographic models, thereby describing the degrees of confidentiality, integrity, and resistance against different types of attacks. In this section, we analyze in detail the security properties of the scheme and demonstrate its mathematical resistance against potential threats.

5.1. Signature Anonymity

One of the main objectives of the scheme is to ensure the anonymity of signatures by blinding the message M before signing. Blinding involves multiplying the original message M by a random factor r, so that the signature ${\sigma }^{\prime }$ is generated on a blinded message $M^{\prime }=M·rmodn$. The factor r is chosen by the recipient and is known only to him, which makes it impossible for the signer to deduce M from $M^{\prime }$.

Blinding guarantees anonymity through two fundamental properties:

• Mathematical independence between M and $M^{\prime }$: If r is random and uniformly distributed in the domain ${\mathbb{Z}}_n^{\ast }$, then $M^{\prime }$ is uniformly distributed in the same domain, regardless of the value of M. This ensures that M cannot be deduced by the signer.
• Reversibility of blinding: Only the recipient can remove the blinding by applying $r^{-1}$, obtaining the final signature $\sigma ={\sigma }^{\prime }·r^{-1}modn$. Since r is secret, only the recipient can perform this operation.

The non-forgeability of the signature is ensured by using cryptographic keys based on difficult mathematical problems, such as the discrete logarithm problem or the factorization of large numbers (depending on the algorithm used, RSA or ECC). The final signature $\sigma$ is validated using the public key $K_{pub}$, by checking the equation:

$${\sigma }^{e}modn=M.$$

This equation is valid only if $sigma$ was generated with the private key $K_{priv}$. Otherwise, the probability that an attacker will generate a valid signature is practically equal to the inverse of the theoretical attack resistance of the model used, since this would require solving a cryptographic problem consistent with the implemented vector system.

5.2. Resistance to Attacks

The scheme is resistant to adaptive attacks due to the blinding of the message M before signing. In an adaptive attack, the attacker tries to manipulate the signatures based on information received from the signer. However, in the proposed scheme, the signer does not have access to the original message M, but only to the blinded version $M^{\prime }$, which limits the manipulation capability. Any modification of $M^{\prime }$ by the attacker leads to invalid signatures, since ${\sigma }^{\prime }$ directly depends on $M^{\prime }$ and $K_{priv}$, and the recipient can verify the signature using the public key $K_{pub}$.

Malleability attacks involve modifying a valid signature to obtain another valid signature without access to the private key. The proposed scheme prevents this type of attack due to the following properties:

• The blinded signature ${\sigma }^{\prime }$ depends on r:

  $${\sigma }^{\prime }={(M·r)}^{K_{priv}}modn.$$
  Any modification of r completely changes the value of ${\sigma }^{\prime }$, invalidating the final signature $\sigma$ after the blinding is removed.
• The reversibility of the blinding is exclusively controlled by the recipient: Only the recipient knows r and can reverse the blinding to obtain the final signature $\sigma$. This makes it impossible for an attacker to manipulate ${\sigma }^{\prime }$ without compromising the signature.

Integrity is guaranteed by the verification process, which confirms that the signature $\sigma$ corresponds to the original message M. If the signature is modified or generated for another message $M^{\prime }$, the verification fails, because the equation is not satisfied:

$${\sigma }^{e}modn=M.$$

Moreover, the parameter T provides additional control over the level of anonymity and integrity. For example, a high T protects additional data by including it in the validation equation, while a low T may reveal additional information for auditing.

Security against brute-force attacks is ensured by using the parameter T and the factor r, which contributes to increasing the cryptographic complexity of the scheme. The random choice of the value r considerably expands the search space for a potential attacker, reducing the chances that a brute-force attack will be effective. In addition, the use of large values for n, such as $n\ge 2048$ bits in the case of the RSA algorithm, increases the resistance to brute-force attacks, thus making the scheme extremely robust against this type of threat.

The proposed scheme prevents man-in-the-middle attacks by using blinding and bidirectional cryptographic validation. In such an attack, an adversary intercepts the communication between the signer and the recipient, trying to modify the messages or generate their own signatures. However, the scheme provides protection through the following mechanisms:

• Message blinding M: The adversary cannot deduce the original message M from the blinded message $M^{\prime }$, because the random factor r is known only to the recipient.
• Signature-message binding: The signature $\sigma$ is generated so that it is valid only for M and $K_{priv}$, and the adversary cannot generate valid signatures without the private key.
• Validation using $K_{pub}$: Even if the adversary intercepts M and $\sigma$, validation using the public key $K_{pub}$ guarantees that only authentic signatures are accepted.

5.3. Game-Based Security Argument

To formalize the security properties of the proposed temperate blind signature (TBS) scheme, we briefly outline its resistance to existential forgery under chosen message attacks (EUF-CMA), within the context of a game-based security model.

Security model: We consider the classical game-based model for blind signature schemes. In this model, an adversary $\mathcal{A}$ interacts with a signing oracle and attempts to produce a valid message–signature pair $(M^{\ast },{\sigma }^{\ast })$ such that

• $M^{\ast }$ was never queried to the signing oracle in unblinded form.
• $\mathsf{Verify}(M^{\ast },{\sigma }^{\ast },T)=\mathsf{True}$ under public key $K_{\mathrm{pub}}$.

Assumption: We assume the hardness of RSA inversion (or ECDLP, depending on instantiation), and that the random oracle model is in place for the blinding factor generation and verification operations.

Security argument: Under these assumptions,

• The blindness of the scheme ensures that the signer cannot learn M from $M^{\prime }=M·rmodn$, due to the semantic independence provided by the multiplicative random factor r.
• The unforgeability follows from the inability of the adversary to invert the RSA/ECC trapdoor function or to produce valid ${\sigma }^{\ast }$ for unqueried messages without any knowledge of $K_{\mathrm{priv}}$.
• The tempering parameter T is public and deterministic per application; it does not compromise the hardness assumption.

Thus, we claim that the TBS scheme satisfies EUF-CMA security in the random oracle model under standard assumptions.

5.4. Impact of the T Parameter on Security

The T parameter introduces an additional dimension to the security analysis, allowing the trade-off between anonymity and transparency to be adjusted. This has the following implications:

• For a high T—anonymity is maximized, and the adversary cannot associate the signature $\sigma$ with the signer or the message M. This setting is ideal for applications such as electronic voting or confidential financial transactions.
• For low T—the level of anonymity decreases, allowing additional information to be inserted into signatures for auditing. This is useful in applications such as supply chains, where traceability is required.

Mathematically, T modulates the signing and verification functions such that

$${\sigma }^{\prime }={(M·T·r)}^{K_{priv}}modn,$$

and the validation becomes

$${\sigma }^{e}modn=M·T.$$

This dependency makes the security of the signatures controlled by the value of the parameter T, without compromising the integrity of the message M.

5.5. Advantages of the Proposed Scheme

The proposed scheme has significant advantages over other blind or partially blind signature schemes:

• Flexibility of the parameter T: Other schemes, such as those based on standard blind signatures, offer fixed anonymity, while the tempered scheme allows for adjusting the level of confidentiality.
• Mathematical strength: By integrating blinding and using difficult cryptographic problems (discrete logarithm, factorization), the scheme offers a high level of security against brute-force and adaptive attacks.
• Performance: Blinding and verification operations are more efficient than in traditional schemes, due to the simplification of cryptographic functions in the presence of the parameter T.

An important aspect of the scheme is its integration into distributed systems, such as blockchain. In this context,

• Blockchain immutability: Valid signatures are permanently stored, preventing subsequent data modification.
• Public key distribution: Blockchain nodes validate signatures using $K_{pub}$, without requiring access to the private key $K_{priv}$, thus ensuring the security of the distribution.
• Sybil attack resistance: The parameter T can be used to control the level of anonymity of IoT devices in the network, preventing attacks based on multiple false identities.

This analysis illustrates how the proposed scheme adjusts its resistance to cryptographic attacks, including adaptive, brute-force, man-in-the-middle, and side-channel attacks, depending on the parameterization. The flexibility of the T parameter allows the level of security and anonymity to be adapted to the requirements of each beneficiary.

6. Evaluation and Performance

The performance of the proposed scheme was evaluated in detail to illustrate its efficiency in diverse environments, from resource-constrained IoT networks to distributed applications such as blockchain. The analysis focused on computational complexity, efficiency in constrained environments, and comparisons with other cryptographic schemes.

6.1. Computational Complexity

Each stage of the scheme involves fundamental cryptographic operations, whose complexity is analyzed as a function of the size n of the cryptographic module and the key length k.

The results describe how the implementation of blinding and signing functions can operate and their degree of efficiency, as shown in

Table 1. Computational complexity.

Operation	Mathematical Description	Complexity
Message blinding	$M^{\prime }=M·rmodn$	$O\left(k^2\right)$
Signing the blinded message	${\sigma }^{\prime }={\left(M^{\prime }\right)}^{K_{priv}}modn$	$O\left(k^3\right)$
Unblinding	$\sigma ={\sigma }^{\prime }·r^{-1}modn$	$O\left(k^2\right)$
Signature verification	${\sigma }^{e}modn=M·T$	$O\left(k^3\right)$

, thus allowing the implementation of the scheme on various environments.

6.2. Efficiency in Resource-Constrained Environments

The efficiency of the scheme in resource-constrained environments was tested using an ARM Cortex-M4 processor integrated on an STM32F407VG board (STMicroelectronics, Geneva, Switzerland). used by one of our beneficiaries. Key operations were evaluated in terms of execution time, memory usage, and power consumption.

The results show that the scheme works efficiently, with a response time suitable for real-time applications, as shown in

Table 2. Efficiency in restricted environments.

Metric	Average Value
Blinding time	1.7 ms
Signing time	5.2 ms
Verification time	4.6 ms
Signature size	256 bits (for n = 2048)

. Also, the memory usage is minimized due to simple arithmetic operations.

6.3. Experimental Results and Comparison with Other Schemes

The performance of the scheme was compared with other popular solutions, such as lattice-based blind signatures or partially blind signatures. The comparison highlights the advantages of the proposed scheme, especially in the context of resource-constrained applications.

The results describe how an efficient implementation of the proposed scheme works and show that it has a response time suitable for real-time applications, as shown in

Table 3. Scheme performance.

Characteristic	Proposed Scheme	Lattice-Based Schemes
Blinding complexity	$O\left(k^2\right)$	$O\left(k^4\right)$
Signature size	256 bits	1024 bits or more
Signing time	5.4 ms	20 ms (approx.)
Energy efficiency	High	Low

. In addition, memory consumption is minimized by simple arithmetic operations.

To further validate the practical performance of the proposed TBS scheme, we present a comparative analysis with existing blind signature schemes, using either experimental results from our testbed (ARM Cortex-M4) or performance metrics reported in the literature.

As shown in

Table 4. Performance comparison with other schemes (metrics for $n=2048$ bits or equivalent).

Scheme	Blinding Time (ms)	Signing Time (ms)	Signature Size (bits)
TBS (proposed)	2.6	8.1	256
Partially blind signature (PBS)	∼3.5	∼8.9	∼512
Lattice-based scheme	∼6.0	∼20.0	≥1024
Threshold blind signature (ThBS) [6]	∼4.2	∼12.1	∼768
ECC-based blind signature	∼2.8	∼9.3	320

, the proposed TBS scheme provides one of the lowest signature sizes and fastest signing times, especially in resource-constrained environments. The flexibility of the parameter T does not introduce significant overhead, making the scheme well-suited for real-time and embedded applications. Data for other schemes were extracted from published sources and normalized to comparable cryptographic strength where possible. All implementations assume classical security parameters.

6.4. Comparative Evaluation with Other Signature Models

To highlight the practical innovations of the proposed temperate blind signature (TBS) scheme, this subsection provides a comparative analysis with existing representative models: partially blind signatures (PBS) and threshold blind signatures (ThBS). The comparison includes key parameters such as anonymity control, performance, resistance to attacks, and suitability for constrained environments.

As shown in

Table 5. Comparison between TBS, PBS, and ThBS schemes.

Feature	TBS (Proposed)	PBS	ThBS
Anonymity control	Adjustable via T	Fixed partial information	Not configurable
Resistance to adaptive attacks	High	Moderate	Moderate
Signature size (for $n=2048$)	256 bits	∼512 bits	∼768 bits
Signing time (ARM Cortex-M4)	5.2 ms	8.9 ms	12.1 ms
Malleability resistance	High	Low	Moderate
Application suitability	IoT, blockchain, voting	Corporate, voting	Banking, multi-party
Computational complexity	Low ($O(k^2-k^3)$)	Moderate	High

, the TBS scheme provides notable advantages in resource-constrained environments. Unlike PBS, which embeds fixed message elements that may reduce privacy flexibility, the TBS parameter T allows dynamic adjustment between full anonymity and traceability. In contrast with ThBS, which relies on cooperative signing between multiple parties and is thus less suitable for embedded IoT systems, our scheme remains lightweight and efficient.

Therefore, the TBS design addresses a practical need for adjustable confidentiality without introducing additional operational overhead, making it an effective choice for modern applications where both privacy and auditability must coexist.

7. Conclusions and Future Directions

The proposed solution enables parameterizable blind signature methods tailored to specific requirements, balancing anonymity, data security, and computational constraints. The T parameter allows fine-tuned control over confidentiality, facilitating its integration into distributed systems with hierarchical security needs.

By adjusting cryptographic parameters, the scheme ensures both flexible anonymity and the elimination of rigid implementation models, empowering beneficiaries to define—from complete confidentiality in electronic voting to full disclosure requirements in supply chain audits. By combining blinding techniques with robust cryptographic features, the method demonstrates acceptable performance in IoT networks, despite limited resources.

The method provides protection against brute force attacks, as well as adaptive and man-in-the-middle attacks, and is therefore suitable for critical applications, both in the IoT class and in line with the class of devices involved in secure communication.

The integration of the system into blockchain technology allows for permanent data storage along with decentralized authentication, thus extending its utility to the cryptocurrency and logistics management sectors. However, the process is not without challenges. Performance in low-latency applications may suffer from the complexity of the r-factor, while high security requirements lead to larger keys, which increases the computational cost. Since the current process is not quantum-resistant, the long-term profitability of quantum computer development is uncertain.

The current scheme can be extended to support multi-factor authentication approaches, including biometrics and hardware token solutions. Moreover, future adaptations may explore the integration of lattice-based primitives to ensure post-quantum resistance. Performance-aware adaptations of our scheme in quantum-secure blockchain infrastructures represent a promising direction to validate its long-term resilience and scalability.

Future research should focus on modifying the scheme for post-quantum cryptography by implementing network-based or code-based primitives to address current limitations. The current scheme can be extended to support multi-factor authentication approaches, including biometrics and hardware token solutions. The benefits of the scheme would improve 5G and 6G communication infrastructure applications through optimizations that allow for low latency and high bandwidth. This scheme is suitable for this due to the peculiarities of the algorithms for automatically adjusting the T parameter, allowing the system to dynamically meet application-specific requirements. The system automatically achieves optimal levels of anonymity or transparency based on specific requirements, without the need for manual user intervention.

The proposed solution is a practical approach that combines customizable anonymity features with configurable cryptographic protection and parametrically adjustable computational efficiency from the algorithm primitives. The combination of its features makes this scheme suitable for use in multiple distributed and mission-critical applications.