Darknet signatures

Recently, solutions such as distributed ledgers have been promoted in order to achieve undeniability of past transactions. This creates the situation where signed transactions of a given person are recorded in a distributed data structure and are publicly available. We show that behind such a fully legitimate and trustworthy ledger system one can create a perfect infrastructure for a covert ledger for presumably illegal activities. Namely, a signer may hide signatures behind purely innocent signatures of legitimate transactions. Such signatures, called darknet signatures within this paper, can be used by the signer to authenticate illegal operations, where signature delivery is by means of the distributed ledger, and thereby to some degree anonymous. The darknet signatures are undetectable apart from the designated recipient - the signatures posted in the ledger look exactly the same as in case of an honest signer. In particular no extra data need to appear, thereby there are no witnesses of malicious activities in the form, e.g. of suspicious random components. To demonstrate the reality of the threat, we present a simple example realization of darknet signatures hidden in Schnorr signatures. As the construction is quite elementary in this case, it should serve as a strong warning against using probabilistic signature schemes in a distributed ledger.