What is a Geen Paper? | Original Paper (OP)
Beyond regular digital signatures, or cryptographic signatures, there exist "blind" digital signatures. In a blind digital signature, someone signs a message on request of someone else, without knowing the contents of the message which they are signing. To do this, the requester sends a modified version of the message to the signer (the secret key holder), the signer signs it, sends it back, and the requester can remove the modification. After removing the modification, the signature is still valid.
For example, RSA allows for a modification by choosing a random number coprime to the modulus, raising the chosen number to the public exponent, and multiplying the result with your message (modulo the modulus, of course). After it is signed, you can remove the blinding again by multiplying it by the inverse of the original random number.
Transforming your message to a blinded message, allowing another party to sign it without knowing what they signed, is called blinding in the context of this Geen paper.
All persons that wish to use the system have an account with a central authority. The authority tracks who owns how much money. You can obtain something resembling cash using the following steps:
You now have a random number that signed by the authority, but the authority does not know it because it was blinded. Let's call it a token.
The token is like cash: you can give the token to someone else. The recipient gives it to the authority, the authority validates it, and adds the value to the recipient's account. The authority then adds this token to a list of used tokens, so it cannot be used a second time. There is no way for the authority to connect the blinded and unblinded numbers, so even though they know that the token is valid, they do not know where it came from. It's untraceable.
Note that all tokens are of the same value. It could be made more efficient by using different kinds of tokens for different values, so you don't have to do a thousand token checks for a transaction of something worth a thousand tokens.
TODO What about the original (blinded) value? Can that be submitted as token?
It has a valid signature after all, and it looks just as random as the unblinded
token. As far as I know, it's indistinguishable.
The easy solution is to add the signed value to the list of used tokens upon
signing so it can never be redeemed in the first place, but unless I read over
it, OP does not describe this.