thoughts
RSA, Blind Signatures, and a VolgaCTF Crypto Challenge
Given a server that runs commands with a valid signature, but signs only certain ones, execute a blinding attack to get a valid RSA signature on one such restricted command.