 Hey, I'm Benedict and this is the short video about the paper Pikachu and friends, which is joint work with champ Anna Lucia and Julian And this is about blind signatures. So let me tell you what a blind signature scheme is in a blind signature we have a signer and a user now the signer holds a public key secret keep here and The user holds only the public key, but most importantly the message Now this message should be signed and to do that they interact in some interactive protocol and The user gets a signature in the app Now this signature can of course be verified as a standard signature using the public key and the message In terms of security, we want to have two properties. The first one is blindness Which says that the signer does not learn what he's signing so he cannot link the interaction to message signature pairs and The second property Says that we actually need the signer to generate the blind signature So we cannot generate the blind signature without interacting with the signer Okay, so this is a very useful primitive. It has a lot of applications in electronic payment systems, for example or in voting and and The problem is that the state of the art in terms of Constructions is not very satisfying and this is because although we have efficient constructions these either rely on non-standard and strong assumptions or They only support a small number of signatures while staying secure typically a logarithmically Logarithmic number of signatures Now our goal in this work is to close this gap and find a scheme that is efficient Has full security and only makes use of conservative well-known assumptions Okay, so to summarize our first result, which is a generic result We need to understand the boosting transform from last year's Asia Crypt by cuts loss and Rosenberg This transform takes a logarithmically secure so-called linear blind signature scheme Apply some one out of n cut and choose and we obtain a fully secure blind signature scheme This secure blind signature scheme has still efficient signature sizes But the communication is not good and this is because this parameter n of the cut and choose grows in every interaction and our communication Grows linear with this parameter Now our first result is a compact version of this boosting transform Which is basically doing the same but in a compact way such that we obtain a communication Which is logarithmic in this parameter n Okay, so you may think that we solved the problem, right? But this is not the case because if we look at Instanciations of this then they will be rather inefficient due to security loss and other problems So what we do is we construct two concrete schemes in the second part of our work The first one is based on the RSA assumption and we instantiate this this framework With some specific optimizations for RSA for example using trap tours to further improve the communication complexity And then we have a second construction where we start with a key only secure blind signature scheme PLS blind signatures and Transform it into a fully secure blind signature scheme with a variant of this boosting transform that now also works for key only secure schemes and we call this parallel instance cut and choose and We further optimize this using CDH specific optimizations such as aggregation Now in the end we also compute some parameter estimations taking the security loss into account and we see that RSA based scheme is balanced while the CDH based scheme has very short signatures so if you are more interested in our techniques and Our results feel free to look into our paper a deep print or to attend our talk at crypto. Thank you