Zhang Changlun,Liu Yun,He Dequan

DOI: https://doi.org/10.1109/icosp.2006.346099

2006-01-01

Abstract:Ring signature is proved very useful in various applications for its perfect properties. However, the existing schemes based on the discrete logarithm are not perfect in signature and signer verification. In this paper, we introduce a new verifiable ring signature scheme based on Nyberg-Rueppel signature. The scheme realizes the ring signature using the hash functioning merely, which can verify the actual signer besides satisfying the basic properties of ring signature: unconditional anonymity and non-forgeability. The comparison shows that our signature scheme is of less size of signature and computation, and the signer verification is more simple and easy to understand

shengke zeng,qinyi li,zhiguang qin,qing lu

DOI: https://doi.org/10.1002/sec.859

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:Ring signature scheme protects the privacy while signer is signing. In the ring signature scheme, the signer can randomly choose verification keys of entities and generate a signature on behalf of these entities. The generated signature can be verified by anyone by inputting all these verification keys. Consequently, a ring signature convinces a verifier that one member from these entities produces this signature without revealing which one. This property is good for the signer as his identity is not leaked. However, the signer also can make use of this capacity to generate a malicious signature on behalf of a ring. Because of the unconditional anonymity of ring signature, this signer cannot be traced to be responsible for his malicious signing. Group signature can avoid this problem because the group manager in the group signature can trace the actual signer by using the trapdoor. However, the group is fixed from the beginning and it needs a complicated setup algorithm. Deniable ring signature was introduced by Komano et al., which allows to revoke the anonymity of actual signer without the manager's help if necessary. The actual signer can confirm his signing for anyone through the confirmation protocol. On the other hand, non-signers in the ring can disavow this signing by the disavowal protocol. Therefore, the actual signer can be traced. However, Komano's scheme was proven in random oracles, and the traceability protocols (confirmation and disavowal protocols) are interactive. To improve Komano's construction, this work proposes a new efficient non-interactive deniable ring signature scheme in the standard model. It is a kind of ring signature and therefore, it does not require a setup algorithm, and the ring in the scheme is flexible. Copyright (c) 2013 John Wiley & Sons, Ltd.

Yang ZHAO,Feng YUE,Hu XIONG,Zhi-guang QIN

DOI: https://doi.org/10.3969/j.issn.1671-1122.2015.10.002

2015-01-01

Abstract:The designated verifier signature specifies a verifier to check the validity of the signature; any third party can not check it because the designated verifier is able to generate an indistinguishable signature from the signer’s signature. In ring signature scheme, the signer can sign the message on behalf of the ring anonymously, the veriifer can check the validity of the signature, but it cannot recognize which member of the ring has signed it. In order to ensure the signer’s identity privacy and that only the designated veriifer can check the authenticity of the signature, Wu propose a strong designated veriifer ID-based ring signature scheme through combining the designated veriifer signature and the ring signature. The scheme allows the signer to designate a veriifer and generate a designated veriifer ring signature. Through the analysis on Wu’s scheme, we ifgure out the scheme does not satisfy the attribute of non-delegatability in designated verifier signature scheme and describe the attack method in this paper. For the sake of avoiding the lfaw, this paper improves Wu’s scheme and makes it provably secure. In addition, according to the improved scheme, we propose a strong designated veriifer ring signcryption scheme providing authentication and conifdentiality simultaneously.

Mingxing Hu,Zhen Liu,Xiaojun Ren,Yunhong Zhou

DOI: https://doi.org/10.1016/j.ins.2024.121164

IF: 8.1

2024-01-01

Information Sciences

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring. The signer-anonymity property guarantees that the signature does not reveal which member of the ring signed the message. The notion of linkable ring signatures (LRS) is an extension of the concept of ring signatures such that there is a public way of determining whether two signatures have been produced by the same signer. However, the existing LRS schemes may not be competent in some scenarios since they exhibit a gap to bridge as reflected on the security guarantees such as the absence of quantum-resistance, inadequate security notions, and a reliance on the random oracle heuristic.In this paper, we present a framework for LRS that provides stronger security guarantees. We instantiate the framework from standard lattice assumptions and prove the security in the standard model. Furthermore, we implement our scheme and conduct experimental evaluations, which demonstrate that the performances are practical for typical settings.

Mingxing Hu,Weijiong Zhang,Zhen Liu

DOI: https://doi.org/10.48550/arXiv.2206.12093

2022-06-24

Abstract:Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring, without revealing exactly which member of that ring actually generated the signature. The signer-anonymity property makes ring signatures have been an active research topic. Recently, Park and Sealfon (CRYPTO 19) presented an important anonymity notion named signer-unclaimability and constructed a lattice-based ring signature scheme with unclaimable anonymity in the standard model, however, it did not consider the unforgeable w.r.t. adversarially-chosen-key attack (the public key ring of a signature may contain keys created by an adversary) and the signature size grows quadratically in the size of ring and message. In this work, we propose a new lattice-based ring signature scheme with unclaimable anonymity in the standard model. In particular, our work improves the security and efficiency of Park and Sealfons work, which is unforgeable w.r.t. adversarially-chosen-key attack, and the ring signature size grows linearly in the ring size.

Cryptography and Security

FY Miao,Y Xiong,SB Yang,XF Wang

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Ring signature is a new kind of signer-ambiguous signature, in which the real signer randomly designates a set of possible signers including itself, and generates totally by itself the ring signature only with its private key and public keys of other possible signers. The signature includes no definite information that identifies the real signer. The paper extends the general notion of ring signature and proposes a provable encrypted ring signature scheme. In the scheme, the real signer produces a signer-ambiguous signature with self-provable evidence and can uniquely prove through the evidence that it is the authentic signer if necessary. Furthermore, by an identity-based encryption algorithm from bilinear pairings the ring signature is encrypted to guarantee that only the right verifier can verify the signature. A variant of the scheme is also given in the paper. Analysis shows that the provable encrypted ring signature is confidential, self-provable, signer-ambiguous and secure. The proposed scheme can be applied in many applications such as e-voting, e-commerce etc.

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Zihao Xiong,Aihan Yin

DOI: https://doi.org/10.1007/s11128-022-03481-1

IF: 1.965

2022-03-31

Quantum Information Processing

Abstract:Ring signature is widely used in e-commerce and voting systems because of its excellent anonymity. Some schemes have quantum ring signatures that require the use of hard-to-prepare GHZ entangled states. In this paper, a quantum ring signature scheme without entanglement based on a single photon and one-way function is proposed. The legitimate user can use one-way function to encrypt information, and the results are controlled by Hadamard gate operation with a single photon to generate a quantum signature. The verifier performs the Hadamard gate inverse operation on the signature to restore the information and complete the verification. The entire scheme process is anonymously transmitted, which protects the identity of the signer. The scheme introduces arbitration participation verification instead of repeated verification by verifiers, which simplifies the steps of the scheme while ensuring the unforgeability of the signature, because no entangled state is used, the scheme can reduce the complexity and cost of implementation, at the same time, the scheme is secure.

physics, multidisciplinary,quantum science & technology, mathematical

Wen Gao,Liqun Chen,Yupu Hu,Christopher J. P. Newton,Baocang Wang,Jiangshan Chen

DOI: https://doi.org/10.1007/s10207-018-0417-1

2018-08-20

International Journal of Information Security

Abstract:In cryptography, a ring signature is anonymous as it hides the signer’s identity among other users. When generating the signature, the users are arranged as a ring. Compared with group signatures, a ring signature scheme needs no group manager or special setup and supports flexibility of group choice. However, the anonymity provided by ring signatures can be used to conceal a malicious signer and put other ring members under suspicion. At the other extreme, it does not allow the actual signer to prove their identity and gain recognition for their actions. A deniable ring signature is designed to overcome these disadvantages. It can initially protect the signer, but if necessary, it enables other ring members to deny their involvement, and allows the real signer to prove who made the signed action. Many real-world applications can benefit from such signatures. Inspired by the requirement for them to remain viable in the post-quantum age, this work proposes a new non-interactive deniable ring signature scheme based on lattice assumptions. Our scheme is proved to be anonymous, traceable and non-frameable under quantum attacks.

computer science, information systems, theory & methods, software engineering

Shengke Zeng,Shaoquan Jiang,Zhiguang Qin

DOI: https://doi.org/10.1007/978-3-642-22685-4_42

2011-01-01

Abstract:A conditionally anonymous ring signature, first studied by Komano et al. (RSA06) (termed as a deniable ring signature), is a ring signature except that the anonymity is conditional. Specifically, it allows an entity to confirm/refute that he generated a signature. A group signature also has conditional anonymity since a group manager can revoke a signer's anonymity. However, the group in this case is fixed, unlike a ring signature where a group is ad hoc. In this paper, we construct a new conditionally anonymous ring signature. Our signing/verification algorithms are asymptotically most efficient, compared with all known schemes. Our confirmation/disavowal protocols are non-interactive with constant costs while the known schemes have a cost linear in either ring size n or security parameter s.

Wenxiu Qu,Yong Zhang,Hongwei Liu,Tianqi Dou,Jipeng Wang,Zhenhua Li,Shunyu Yang,Haiqiang Ma

DOI: https://doi.org/10.1364/josab.36.001335

2019-01-01

Journal of the Optical Society of America B

Abstract:Quantum digital signatures (QDSs), which are unforgeable, non-repudiable, and transferable, are widely used in quantum communication networks. Unfortunately, previous protocols have often relied on three-party models for security analysis and experimental verification. As the number of parties increases, the number of quantum links required increases exponentially, undoubtedly leading to high channel losses and cost for multi-party QDSs. This study proposes a multi-party ring QDS scheme that can effectively deal with the issue of redundant quantum links. Furthermore, compared with the previously proposed QDS protocols, our protocol can prevent repudiation attacks without symmetry operation or swap test. Hence, it also can reduce the possibility of forging attacks by eliminating the possibility of forgery using illegal strings.

Mengqi Feng,Chao Lin,Wei Wu,Debiao He

DOI: https://doi.org/10.1016/j.csi.2023.103763

IF: 3.721

2024-01-01

Computer Standards & Interfaces

Abstract:As an equivalent of a handwritten signature, digital signature can resist against information tampering and identity impersonation during digital communication, but it fails to meet the specific anonymity requirement in circumstances like voting, credit reporting, and whistle-blowing. Ring signature was introduced as a special digital signature to further achieve anonymity, and classical schemes constructed from single ring were faced with linearly increasing size. In CRYPTO 2021, Yuen et al. proposed a novel construction paradigm (namely, DualRing) for reaping logarithmic-sized ring signature. Existing DualRing-based ring signature schemes are based on its supported Type-T standard signature algorithms (Three-move type, e.g. Schnorr signature). In this paper, we are motivated to seek a SM2-based ring signature scheme upon the DualRing technology, among which the SM2 digital signature is widely adopted as an international standard but not with a Type-T architecture. Therefore, we first transform the SM2 digital signature into Type-T and integrate DualRing with the variant of the SM2 digital signature. After that, we prove the unforgeability and anonymity of our schemes, together with proposing optimized and linkable schemes. Finally, we put our schemes into practice to display their performance in communication and computation costs.

computer science, software engineering, hardware & architecture

Gaurav Mittal,Sandeep Kumar,Sunil Kumar,Shubham Mittal

DOI: https://doi.org/10.1007/s00500-024-10325-w

IF: 3.732

2024-11-29

Soft Computing

Abstract:The concept of undeniable signature scheme was proposed by Chaum and Antwerpen in 1989. In this scheme, the signature can only be verified by the verifier with the co-operation of the signer. In this paper, we propose a novel undeniable signature scheme based on the structure of group ring. We consider the well studied hard problems, that is, inverse computation problem (ICP) and discrete logarithm problem (DLP) in group ring and show that under the chosen message attack, our scheme is strongly unforgeable, invisible and secure against impersonation attack. These security notions, that is, strongly unforgeability, invisibility and impersonation are defined through three different games. In order to practically realize the scheme, we discuss a case study in which we generate the signature for a message and then verify it through the verification algorithm. Finally, we compare our scheme with several other renowned schemes available in the literature and show it is efficient in terms of the total execution time.

computer science, artificial intelligence, interdisciplinary applications

Keisuke Hara

DOI: https://doi.org/10.1016/j.tcs.2024.114516

IF: 1.002

2024-03-27

Theoretical Computer Science

Abstract:Ring signature and group signature are two major cryptographic primitives providing users anonymity and authentication simultaneously. While both primitives enable any user to sign messages as a member of a set of users, the feature of ring signature is that a signer can choose a group in an ad-hoc manner, which is called a ring, by itself. Conversely, in group signature, a group membership is managed by some trusted third party, which is called a group manager, and an (appropriate) accountability is provided for the group manager to identify illegal anonymous signers. Accountable ring signature (ARS) is a cryptographic primitive combining the features of ring signature and group signature. ARS allows signers to choose their groups (rings) in an ad-hoc manner, and at the same time, maintain accountability by forcing them to select a designated opener who can identify them. In this paper, we propose the first ARS scheme with O(log⁡n) signature size in the standard model (without depending on the random oracle methodology), where n is the size of a ring. More precisely, we propose a new generic construction of ARS based on (standard) signature, (standard) public key encryption, non-interactive zero-knowledge proof system, somewhere perfectly binding hash function, and public key encryption with non-interactive opening. All building blocks for our ARS scheme can be obtained under the decisional linear (DLIN) assumption over bilinear groups.

computer science, theory & methods

王行甫,苗付友

DOI: https://doi.org/10.3969/j.issn.1006-9348.2009.02.040

2009-01-01

Abstract:Some digital signature applications in Network Environment,e.g. an anonymous e-impeachment,has the requirement of guaranteeing both the signer-ambiguity and non-transferability,but most of the current signature schemes can not fully meet such requirements. The paper proposes a new scheme called Identity-based Non-transferability Ring Signature Scheme,in which a special hash function from bilinear pairing is constructed. Thus the scheme satisfies the above applications requirements. Formal analysis shows that the scheme is signer-ambiguous,non-transferable and non-forgeable in Random Oracle Model.

Yongjian Liao,Zhiguang Qin

DOI: https://doi.org/10.1109/iccis.2008.4670894

2008-01-01

Abstract:There are only two possible signers in designated verifier signature(DVS) scheme, thus anyone else can not know who is the real signer according to signature/message pairs. Lipmaa et al. discovered delegatability attack on almost all existing designated verifier signature according to original definition of DVS, and later Li et al. subdivided the delegation and defined verifier-only delegatability. Here, we point out the formal definition of verifier-only delegatability is not reasonable and redefine it. Meanwhile we show ZFI DVS scheme is not verifier-only delegatable, but is delegatable, and show ZJ DVS scheme is verifier-only delegatable scheme. We present notion of signer-only delegatability and put forward general construction from verifier-only delegatable DVS scheme to signer-only delegatable DVS scheme, vice verse. We using ZJ DVS scheme as example to show how to construct signer-only delegatable scheme. Finally we classify delegatable DVS scheme into both signer and designated verifier delegatable scheme, verifier-only delegatable scheme and signer-only scheme.

Lei Zhang,Futai Zhang,Wei Wu

DOI: https://doi.org/10.48550/arXiv.1712.09145

2017-12-26

Abstract:Ring signature is a kind of group-oriented signature. It allows a member of a group to sign messages on behalf of the group without revealing his/her identity. Certificateless public key cryptography was first introduced by Al-Riyami and Paterson in Asiacrypt 2003. In certificateless cryptography, it does not require the use of certificates to guarantee the authenticity of users' public keys. Meanwhile, certificateless cryptography does not have the key escrow problem, which seems to be inherent in the Identity-based cryptography. In this paper, we propose a concrete certificateless ring signature scheme. The security models of certificateless ring signature are also formalized. Our new scheme is provably secure in the random oracle model, with the assumption that the Computational Diffie-Hellman problem is hard. In addition, we also show that a generic construction of certificateless ring signature is insecure against the key replacement attack defined in our security models.

Cryptography and Security

Man Ho Au,Joseph K. Liu,Willy Susilo,Tsz Hon Yuen

DOI: https://doi.org/10.1016/j.tcs.2012.10.031

IF: 1.002

2013-01-01

Theoretical Computer Science

Abstract:In this paper, we propose a new ID-based event-oriented linkable ring signature scheme, with an option as revocable-iff-linked. With this option, if a user generates two linkable ring signatures in the same event, everyone can compute his identity from these two signatures. We are the first in the literature to propose such a secure construction in an ID-based setting. Even compared with other existing non ID-based schemes, we enjoy significant efficiency improvement, including constant signature size and linking complexity.Our scheme can be also regarded as a normal ID-based ring signature. We are also the first to propose such a scheme with constant signature size and enhanced privacy, namely the signer is anonymous even to the PKG who has the master secret key.We prove the security of our scheme in the random oracle model, using DL, DDL and q-SDH assumptions.

computer science, theory & methods

Guilin Wang,Fubiao Xia,Yunlei Zhao

DOI: https://doi.org/10.1007/978-3-642-25516-8_28

2011-01-01

Abstract:After the introduction of designated confirmer signatures (DCS) by Chaum in 1994, considerable researches have been done to build generic schemes from standard digital signatures and construct efficient concrete solutions. In DCS schemes, a signature cannot be verified without the help of either the signer or a semi-trusted third party, called the designated confirmer . If necessary, the confirmer can further convert a DCS into an ordinary signature that is publicly verifiable. However, there is one limit in most existing schemes: the signer is not given the ability to disavow invalid DCS signatures. Motivated by this observation, in this paper we first propose a new variant of DCS model, called designated confirmer signatures with unified verification , in which both the signer and the designated confirmer can run the same protocols to confirm a valid DCS or disavow an invalid signature. Then, we present the first DCS scheme with unified verification and prove its security in the random oracle (RO) model and under a new computational assumption, called Decisional Co-efficient Linear (D-co-L) assumption, whose intractability in pairing settings is analyzed in generic group model. The proposed scheme is constructed by encrypting Boneh, Lynn and Shacham's pairing based short signatures with signed ElGamal encryption. The resulting solution is efficient in both aspects of computation and communication. In addition, we point out that the proposed concept can be generalized by allowing the signer to run different protocols for confirming and disavowing signatures.

Fengtong Wen,Jianing Kang

DOI: https://doi.org/10.1109/ECNCT63103.2024.10704287

2024-07-19

Abstract:In today's privacy-conscious world, considering the possible problems of duplicate voting and duplicate payments in voting systems, payment systems and other application scenarios, linked ring signature (LRS) is a reliable option to ensure the need for anonymity. At the same time, to ensure that LRS can effectively defend against potential future security threats such as quantum computers, we propose an improved identity-based linkable ring signature scheme named LDLRS. This scheme uses the lattice structure and the short integer solution (SIS) problem on the lattice, and constructs an efficient and secure ring signature scheme by using the techniques of preimage sampling and reject sampling. After that, we provide the security proof of LDLRS to ensure the security of the scheme in theory. Finally, by analyzing the computational cost, we demonstrate the efficiency advantages of LDLRS in signature generation and verification compared with existing schemes.

Mathematics,Computer Science