Mingxing Hu,Weijiong Zhang,Zhen Liu

DOI: https://doi.org/10.48550/arXiv.2206.12093

2022-06-24

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring, without revealing exactly which member of that ring actually generated the signature. The signer-anonymity property makes ring signatures have been an active research topic. Recently, Park and Sealfon (CRYPTO 19) presented an important anonymity notion named signer-unclaimability and constructed a lattice-based ring signature scheme with unclaimable anonymity in the standard model, however, it did not consider the unforgeable w.r.t. adversarially-chosen-key attack (the public key ring of a signature may contain keys created by an adversary) and the signature size grows quadratically in the size of ring and message. In this work, we propose a new lattice-based ring signature scheme with unclaimable anonymity in the standard model. In particular, our work improves the security and efficiency of Park and Sealfons work, which is unforgeable w.r.t. adversarially-chosen-key attack, and the ring signature size grows linearly in the ring size.

Cryptography and Security

Xin Lv,Feng Xu,Ping Ping,Xuan Liu,Huaizhi Su

DOI: https://doi.org/10.1109/DCABES.2015.48

2015-01-01

Abstract:Ring signatures enable a user to sign a message so that a ring of possible signers is identified, without revealing exactly which member of that ring actually generated the signature. In some situations, however, an actual signer may possibly want to expose himself, for instance, if doing so, he will acquire an enormous benefit. In this paper, a signature scheme with designated verifiability based on Schnorr ring signature is proposed. The scheme provides a confirmation procedure, in which the real signer is able to convince a designated party that he is the one who generates the signature. The confirming procedure involves an interactive Zero-Knowledge proof protocol, which is non-transferable, and it only can be triggered by the signer. Based on the intractability of Discrete Logarithm Problem (DLP), the scheme is existentially unforgeable under adaptive-chosen message attack in the random oracle model.

Meng-Jun Qin,Yun-Lei Zhao,Zhou-Jun Ma

DOI: https://doi.org/10.1007/s11390-018-1838-z

2018-01-01

Abstract:Bitcoin has gained its popularity for almost 10 years as a "secure and anonymous digital currency". However, according to several recent researches, we know that it can only provide pseudonymity rather than real anonymity, and privacy has been one of the main concerns in the system similar to Bitcoin. Ring signature is a good method for those users who need better anonymity in cryptocurrency. It was first proposed by Rivest et al. based upon the discrete logarithm problem (DLP) assumption in 2006, which allows a user to sign a message anonymously on behalf of a group of users even without their coordination. The size of ring signature is one of the dominating parameters, and constant-size ring signature (where signature size is independent of the ring size) is much desirable. Otherwise, when the ring size is large, the resultant ring signature becomes unbearable for power limited devices or leads to heavy burden over the communication network. Though being extensively studied, currently there are only two approaches for constant-size ring signature. Achieving practical constant-size ring signature is a long-standing open problem since its introduction. In this work, we solve this open question. We present a new constant-size ring signature scheme based on bilinear pairing and accumulator, which is provably secure under the random oracle (RO) model. To the best of our knowledge, it stands for the most practical ring signature up to now.

Shengke Zeng,Shaoquan Jiang,Zhiguang Qin

DOI: https://doi.org/10.1016/j.tcs.2012.01.027

IF: 1.002

2012-01-01

Theoretical Computer Science

Abstract:A conditionally anonymous ring signature is an exception since the anonymity is conditional. Specifically, it allows an entity to confirm/refute the signature that he generated before. A group signature also shares the same property since a group manager can revoke a signer’s anonymity using the trapdoor information. However, the special node (i.e., group manager) does not exist in the group in order to satisfy the ad hoc fashion. In this paper, we construct a new conditionally anonymous ring signature, in which the actual signer can be traced without the help of the group manager. The big advantage of the confirmation and disavowal protocols designed by us are non-interactive with constant costs while the known schemes suffer from the linear cost in terms of the ring size n or security parameter s.

shengke zeng,qinyi li,zhiguang qin,qing lu

DOI: https://doi.org/10.1002/sec.859

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ring signature scheme protects the privacy while signer is signing. In the ring signature scheme, the signer can randomly choose verification keys of entities and generate a signature on behalf of these entities. The generated signature can be verified by anyone by inputting all these verification keys. Consequently, a ring signature convinces a verifier that one member from these entities produces this signature without revealing which one. This property is good for the signer as his identity is not leaked. However, the signer also can make use of this capacity to generate a malicious signature on behalf of a ring. Because of the unconditional anonymity of ring signature, this signer cannot be traced to be responsible for his malicious signing. Group signature can avoid this problem because the group manager in the group signature can trace the actual signer by using the trapdoor. However, the group is fixed from the beginning and it needs a complicated setup algorithm. Deniable ring signature was introduced by Komano et al., which allows to revoke the anonymity of actual signer without the manager's help if necessary. The actual signer can confirm his signing for anyone through the confirmation protocol. On the other hand, non-signers in the ring can disavow this signing by the disavowal protocol. Therefore, the actual signer can be traced. However, Komano's scheme was proven in random oracles, and the traceability protocols (confirmation and disavowal protocols) are interactive. To improve Komano's construction, this work proposes a new efficient non-interactive deniable ring signature scheme in the standard model. It is a kind of ring signature and therefore, it does not require a setup algorithm, and the ring in the scheme is flexible. Copyright (c) 2013 John Wiley & Sons, Ltd.

Yiru Sun,Yanyan Liu,Bo Wu

DOI: https://doi.org/10.1186/s42400-019-0037-8

2019-07-17

Abstract:The group signature scheme is an important primitive in cryptography, it allows members in a group to generate signatures anonymously on behalf of the whole group. In view of the practical application of such schemes, it is necessary to allow users' registration and revocation when necessary, which makes the construction of dynamic group signature schemes become a significant direction. On the basis of (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017), we present the first full dynamic group signature scheme over ring, and under the premise of ensuring security, the efficiency of the scheme is improved mainly from the following three aspects: the size of keys, the dynamic construction of a Merkle hash tree that used to record the information of registered users, and the reuse of the leaves in this tree. In addition, the public and secret keys of both group manager and trace manager are generated by a trusted third party, which prevents the situation that the two managers generate their respective public key and secret key maliciously. Compared with the counterpart of the scheme in (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017) over ring, the expected space complexity of the Merkle tree used in our work down almost by half, and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.

computer science, information systems, interdisciplinary applications, software engineering

Mingxing Hu,Zhen Liu

2022-01-01

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring. The anonymity of the scheme guarantees that the signature does not reveal which member of the ring signed the message. The notion of linkable ring signatures (LRS) is an extension of the concept of ring signatures such that there is a public way of determining whether two signatures have been produced by the same signer. Lattice-based LRS is an important and active research line, since lattice-based cryptography has attracted more attention due to its distinctive features especially the quantum resistant. However, all the existing lattice-based LRS relied on random oracle heuristics, i.e., no lattice-based LRS in the standard model has been introduced so far. In this paper, we present a lattice-based LRS scheme based on the wellstudied standard lattice assumptions (SIS and LWE) in the standard model.

FY Miao,Y Xiong,SB Yang,XF Wang

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Ring signature is a new kind of signer-ambiguous signature, in which the real signer randomly designates a set of possible signers including itself, and generates totally by itself the ring signature only with its private key and public keys of other possible signers. The signature includes no definite information that identifies the real signer. The paper extends the general notion of ring signature and proposes a provable encrypted ring signature scheme. In the scheme, the real signer produces a signer-ambiguous signature with self-provable evidence and can uniquely prove through the evidence that it is the authentic signer if necessary. Furthermore, by an identity-based encryption algorithm from bilinear pairings the ring signature is encrypted to guarantee that only the right verifier can verify the signature. A variant of the scheme is also given in the paper. Analysis shows that the provable encrypted ring signature is confidential, self-provable, signer-ambiguous and secure. The proposed scheme can be applied in many applications such as e-voting, e-commerce etc.

Lei Zhang,Futai Zhang,Wei Wu

DOI: https://doi.org/10.48550/arXiv.1712.09145

2017-12-26

Abstract:Ring signature is a kind of group-oriented signature. It allows a member of a group to sign messages on behalf of the group without revealing his/her identity. Certificateless public key cryptography was first introduced by Al-Riyami and Paterson in Asiacrypt 2003. In certificateless cryptography, it does not require the use of certificates to guarantee the authenticity of users' public keys. Meanwhile, certificateless cryptography does not have the key escrow problem, which seems to be inherent in the Identity-based cryptography. In this paper, we propose a concrete certificateless ring signature scheme. The security models of certificateless ring signature are also formalized. Our new scheme is provably secure in the random oracle model, with the assumption that the Computational Diffie-Hellman problem is hard. In addition, we also show that a generic construction of certificateless ring signature is insecure against the key replacement attack defined in our security models.

Cryptography and Security

Mengqi Feng,Chao Lin,Wei Wu,Debiao He

DOI: https://doi.org/10.1016/j.csi.2023.103763

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:As an equivalent of a handwritten signature, digital signature can resist against information tampering and identity impersonation during digital communication, but it fails to meet the specific anonymity requirement in circumstances like voting, credit reporting, and whistle-blowing. Ring signature was introduced as a special digital signature to further achieve anonymity, and classical schemes constructed from single ring were faced with linearly increasing size. In CRYPTO 2021, Yuen et al. proposed a novel construction paradigm (namely, DualRing) for reaping logarithmic-sized ring signature. Existing DualRing-based ring signature schemes are based on its supported Type-T standard signature algorithms (Three-move type, e.g. Schnorr signature). In this paper, we are motivated to seek a SM2-based ring signature scheme upon the DualRing technology, among which the SM2 digital signature is widely adopted as an international standard but not with a Type-T architecture. Therefore, we first transform the SM2 digital signature into Type-T and integrate DualRing with the variant of the SM2 digital signature. After that, we prove the unforgeability and anonymity of our schemes, together with proposing optimized and linkable schemes. Finally, we put our schemes into practice to display their performance in communication and computation costs.

computer science, software engineering, hardware & architecture

Mingxing Hu,Zhen Liu,Xiaojun Ren,Yunhong Zhou

DOI: https://doi.org/10.1016/j.ins.2024.121164

IF: 8.1

2024-01-01

Information Sciences

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring. The signer-anonymity property guarantees that the signature does not reveal which member of the ring signed the message. The notion of linkable ring signatures (LRS) is an extension of the concept of ring signatures such that there is a public way of determining whether two signatures have been produced by the same signer. However, the existing LRS schemes may not be competent in some scenarios since they exhibit a gap to bridge as reflected on the security guarantees such as the absence of quantum-resistance, inadequate security notions, and a reliance on the random oracle heuristic.In this paper, we present a framework for LRS that provides stronger security guarantees. We instantiate the framework from standard lattice assumptions and prove the security in the standard model. Furthermore, we implement our scheme and conduct experimental evaluations, which demonstrate that the performances are practical for typical settings.

Man Ho Au,Joseph K. Liu,Willy Susilo,Tsz Hon Yuen

DOI: https://doi.org/10.1016/j.tcs.2012.10.031

IF: 1.002

2013-01-01

Theoretical Computer Science

Abstract:In this paper, we propose a new ID-based event-oriented linkable ring signature scheme, with an option as revocable-iff-linked. With this option, if a user generates two linkable ring signatures in the same event, everyone can compute his identity from these two signatures. We are the first in the literature to propose such a secure construction in an ID-based setting. Even compared with other existing non ID-based schemes, we enjoy significant efficiency improvement, including constant signature size and linking complexity.Our scheme can be also regarded as a normal ID-based ring signature. We are also the first to propose such a scheme with constant signature size and enhanced privacy, namely the signer is anonymous even to the PKG who has the master secret key.We prove the security of our scheme in the random oracle model, using DL, DDL and q-SDH assumptions.

computer science, theory & methods

Shengke Zeng,Shaoquan Jiang,Zhiguang Qin

DOI: https://doi.org/10.1007/978-3-642-22685-4_42

2011-01-01

Abstract:A conditionally anonymous ring signature, first studied by Komano et al. (RSA06) (termed as a deniable ring signature), is a ring signature except that the anonymity is conditional. Specifically, it allows an entity to confirm/refute that he generated a signature. A group signature also has conditional anonymity since a group manager can revoke a signer's anonymity. However, the group in this case is fixed, unlike a ring signature where a group is ad hoc. In this paper, we construct a new conditionally anonymous ring signature. Our signing/verification algorithms are asymptotically most efficient, compared with all known schemes. Our confirmation/disavowal protocols are non-interactive with constant costs while the known schemes have a cost linear in either ring size n or security parameter s.

Hongyu Shi,Lunzhi Deng,Yan Gao

DOI: https://doi.org/10.1109/ACCESS.2020.2981360

IF: 3.9

IEEE Access

Abstract:Ring signature is an anonymous signature that both authenticates the message and protects the identity information of the signer. It is suitable for scenarios such as anonymous network access, online auctions, etc. However, there is a problem in a regular ring signature scheme. The signer can generate multiple different signatures for the same message without being discovered by the verifier. This will of course cause some confusion. Linkable ring signature (LRS) resolves the problem. The verifier can determine if multiple signatures were generated by the same signer, but he cannot determine the actual signer’s identity. In this paper, we first proposed the system model and security requirements for certificateless linked ring signature (CL-LRS). Then, we constructed a concrete CL-LRS scheme and gave the security proofs. Finally, we compared the efficiency of our scheme with several other LRS schemes. Our scheme does not use pairing operation and is more suitable for the computation-constrained environment.

Computer Science

TIAN Miao-Miao,HUANG Liu-Sheng,YANG Wei

DOI: https://doi.org/10.3724/sp.j.1016.2012.00712

2012-01-01

Chinese Journal of Computers

Abstract:An efficient and secure ring signature scheme has a number of important applications.In this paper,we present a new lattice-based ring signature scheme and prove its security in the standard model.The proposed scheme is strongly unforgeable against adaptive chosen message attacks under the standard small integer solution(SIS) assumption.Compared with the existing lattice-based ring signature schemes without random oracles,our new scheme enjoys shorter signature length,high efficiency and stronger security.

Ward Beullens,Samuel Dobson,Shuichi Katsumata,Yi-Fu Lai,Federico Pintore

DOI: https://doi.org/10.1007/s10623-023-01192-x

2023-03-01

Abstract:We construct an efficient dynamic group signature (or more generally an accountable ring signature) from isogeny and lattice assumptions. Our group signature is based on a simple generic construction that can be instantiated by cryptographically hard group actions such as the CSIDH group action or an MLWE-based group action. The signature is of size , where N is the number of users in the group. Our idea builds on the recent efficient OR-proof by Beullens, Katsumata, and Pintore (Asiacrypt'20), where we efficiently add a proof of valid ciphertext to their OR-proof and further show that the resulting non-interactive zero-knowledge proof system is online extractable . Our group signatures satisfy more ideal security properties compared to previously known constructions, while simultaneously having an attractive signature size. The signature size of our isogeny-based construction is an order of magnitude smaller than all previously known post-quantum group signatures (e.g., 6.6 KB for 64 members). In comparison, our lattice-based construction has a larger signature size (e.g., either 126 KB or 89 KB for 64 members depending on the satisfied security property). However, since the -notation hides a very small constant factor, it remains small even for very large group sizes, say .

mathematics, applied,computer science, theory & methods

Fengtong Wen,Jianing Kang

DOI: https://doi.org/10.1109/ECNCT63103.2024.10704287

2024-07-19

Abstract:In today's privacy-conscious world, considering the possible problems of duplicate voting and duplicate payments in voting systems, payment systems and other application scenarios, linked ring signature (LRS) is a reliable option to ensure the need for anonymity. At the same time, to ensure that LRS can effectively defend against potential future security threats such as quantum computers, we propose an improved identity-based linkable ring signature scheme named LDLRS. This scheme uses the lattice structure and the short integer solution (SIS) problem on the lattice, and constructs an efficient and secure ring signature scheme by using the techniques of preimage sampling and reject sampling. After that, we provide the security proof of LDLRS to ensure the security of the scheme in theory. Finally, by analyzing the computational cost, we demonstrate the efficiency advantages of LDLRS in signature generation and verification compared with existing schemes.

Mathematics,Computer Science

Wen Gao,Liqun Chen,Yupu Hu,Christopher J. P. Newton,Baocang Wang,Jiangshan Chen

DOI: https://doi.org/10.1007/s10207-018-0417-1

2018-08-20

International Journal of Information Security

Abstract:In cryptography, a ring signature is anonymous as it hides the signer’s identity among other users. When generating the signature, the users are arranged as a ring. Compared with group signatures, a ring signature scheme needs no group manager or special setup and supports flexibility of group choice. However, the anonymity provided by ring signatures can be used to conceal a malicious signer and put other ring members under suspicion. At the other extreme, it does not allow the actual signer to prove their identity and gain recognition for their actions. A deniable ring signature is designed to overcome these disadvantages. It can initially protect the signer, but if necessary, it enables other ring members to deny their involvement, and allows the real signer to prove who made the signed action. Many real-world applications can benefit from such signatures. Inspired by the requirement for them to remain viable in the post-quantum age, this work proposes a new non-interactive deniable ring signature scheme based on lattice assumptions. Our scheme is proved to be anonymous, traceable and non-frameable under quantum attacks.

computer science, information systems, theory & methods, software engineering

Kai-Min Chung,Yao-Ching Hsieh,Mi-Ying Huang,Yu-Hsuan Huang,Tanja Lange,Bo-Yin Yang

2024-11-20

Abstract:We present the first provably secure isogeny-based group signature (GS) and accountable ring signature (ARS) in the quantum random oracle model (QROM). We do so via introducing and constructing an intermediate primitive called the openable sigma protocol and demonstrating that any such protocol gives rise to a secure GS and ARS. Furthermore, QROM security is guaranteed if an additional perfect unique-response property (which is achieved via our tailored construction) is satisfied. Previous works by Beullens et al. (Eurocrypt 2022, Asiacrypt 2020) proposed isogeny-based GS and ARS with better efficiency but were only analyzed in the classical random oracle model (CROM). It is well-known that CROM security does not generally translate to QROM security; with the growing relevance of isogeny-based constructions in post-quantum cryptography, the current state of the art is unsatisfactory. Moreover, the aforementioned existing isogeny-based signatures were recently affected by the Fiat-Shamir with aborts (FSwA) flaw discovered by Barbosa et al. and Devevey et al. (CRYPTO 2023), leaving the provable security of isogeny-based signatures open to question once again. Our constructions are not only immune to the FSwA flaw but also provide stronger QROM security. As current QROM-secure ARS and GS schemes are mostly lattice-based, we offer a robust post-quantum alternative should lattice assumptions weaken.

Cryptography and Security

Sunil Kumar,Gaurav Mittal,Sandeep Kumar

DOI: https://doi.org/10.1007/s42979-022-01286-8

2022-07-27

SN Computer Science

Abstract:In this paper, we propose three digital signature schemes based on the algebraic structure of group ring. The first scheme is a deterministic signature scheme, the second scheme is a probabilistic signature scheme whereas the third scheme is an uplifting of the NTRU signature scheme in group ring. We carefully discuss the security of these schemes by studying the hardness of the associated hard problems. We show that our schemes, with parameters of small size, provide the security equivalent to the security provided by the current secure implementations of discrete logarithm problem (e.g. 128 bits). We also discuss some examples to see the practicality of our schemes. This paper is the first advancement in the field of group ring based digital signatures.