For the first version of the standard, we're going to keep this as simple as we possibly can, given that no out-of-the-box solutions seem to exist: a fully-blind RSA signature:
It's kinda neat to realize that the difference between a partially-blind and fully-blind signature scheme is (in this context) just a performance concern. We certainly want to figure out a (elliptical or bilinear or lattice) partially-blind solution, but that won't be included in version-0 of the 402-Receipts standard, and that's fine.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!