 Hello, welcome to the short video presentation about the paper the Abo Okamoto partially blind signature scheme we visited My name is Julia Kastner and this is joint work with Julian Los and Jai Yuksu In this work, we consider a partially blind signature scheme, which is kind of like a blind signature scheme just that the signer and the user share attack info Which for example in the context of electronic payments could be Monetary value of the message signature pairs or it could also be an expiration date so the signer has a secret key and the user has the corresponding public key and they interact In order to get a signature on the message on the user side So the user wants a signature on his message and we consider a three move partially blind signature scheme Which means they send back and forth in total three messages We want two security properties So the first security property is the partial blindness. This is supposed to protect honest users from malicious signers and Informally we want that The signer does not learn which message he's signing during the signing protocol More formally we have an indistinguishability based property where the signer gets to pick two messages a public key and attack info and then The user gets to pick which message he will use in which of the two interactions they're now about to have They then interact two times and in the end if both interactions were successful The signer gets to see the message signature pairs that came out of it and otherwise it only gets to see a special error symbol bottom The signer is then supposed to tell which message was used in which interaction and wins the game if he manages to do that The other notion that we want is a one more inforge ability. So this is supposed to protect an honest signer from a malicious user and In this case they interact many times and if they have interacted L times for a given tag of The user's choice. The user is not supposed to be able to output more than L signatures For that tag The scheme we consider is the Abbe Okamoto scheme This is basically an or proof of two blind snore signatures So we have on the signer side an or proof that the signer either knows this discrete logarithm Which is an exponent X or it knows the discrete logarithm of this hash of the tag info And on the user side We just do two times the blinding as we would do in a blind snore signature to obtain this kind of Or proof of two blind snore signatures The motivation for why we were looking into this is that on the one hand It's an efficient discrete logarithm based partially blind signature scheme and there are many other Schemes that use this or proof technique and as well take inspiration from the proof by Abbe Okamoto Examples of such schemes are for example the Scheme by Abbe which is a computationally blind signature scheme the anonymous credentials light scheme and Also the recent lattice-based blind ore and The proof strategy from the Abbe Okamoto paper is of interest for other schemes that use this or proof technique So in this work, we identified a gap in the original or one more unfortunately proof and We meant the gap while achieving similar bounds to the original work If you're interested in finding out more about this I hope you come to the talk at the conference and also you can check out the e-print of our paper at the link below Thanks for watching and I hope to see you at the conference You