These days, with the advancement and popularity of the Internet and information technology, electronic services ($\emph{e.g.} $banking, commercial transactions, etc.) become inevitable. One of key enabling technologies for such services is to adapt cryptography which is crucial for security issues. Unfortunately, cryptography will work only if a piece of information ($\emph{e.g. secret key}$) is kept secret from unauthorized entities. However, in practice, it is difficult to guarantee that requirement. When the secret key is revealed, all security goals are lost. And we call this the key exposure problem.
Blind signature is an interesting cryptographic protocol. It is an extension of ordinary digital signature and has applications in electronic cash, electronic voting, $\emph{etc}$. It turns out that key exposure problem is very serious in blind signature. For example, in electronic cash systems, key exposure problem is very severe since money is directly involved. Forward security is the first security notion addressing the key exposure issue. Roughly speaking, forward secrecy protects validity of the past usage even if the current secret key is compromised.
In this thesis, we investigate the key exposure problem in blind signature (with application to electronic cash in mind). We then propose a blind signature scheme which guarantees forward secrecy. Our scheme is constructed from the provably secure Okamoto-Guillou-Quisquater (OGQ for short) blind signature scheme. Using forking lemma proposed by Pointcheval and Stern, we can show equivalence between existence of a forger and feasibility of solving the strong RSA problem. We also found that our scheme introduces no significant communication overhead comparing with OGQ scheme.