Short Linkable Ring Signatures Revisited
Sherman S.M. Chow2006
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Abstract. Ring signature is a group-oriented signature in which the signer can spontaneously form a group and generate a signature such that the verifier is convinced the signature was generated by one member of the group and yet does not know who actually signed. Linkable ring signature is a variant such that two signatures can be linked if and only if they were signed by the same person. Recently, the first short linkable ring signature has been proposed.
Related papers
Escrowed Linkability of Ring Signatures and its Applications
2006
Ring signatures allow a user to sign anonymously on behalf of a group of spontaneously conscripted members. Two ring signatures are linked if they are issued by the same signer. We introduce the notion of Escrowed Linkability of ring signatures, such that only a Linking Authority can link two ring signatures; otherwise two ring signatures remain unlinkable to anyone.
Ring Signatures: Stronger Definitions, and Constructions without Random Oracles
Journal of Cryptology, 2009
Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely "ad-hoc" and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature. This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and give separation results proving that our new notions are strictly stronger than previous ones. Second, we show the first constructions of ring signature schemes in the standard model. One scheme is based on generic assumptions and satisfies our strongest definitions of security. Two additional schemes are more efficient, but achieve weaker security guarantees and more limited functionality.
A Survey on Group Signatures and Ring Signatures: Traceability vs. Anonymity
Cryptography
This survey reviews the two most prominent group-oriented anonymous signature schemes and analyzes the existing approaches for their problem: balancing anonymity against traceability. Group signatures and ring signatures are the two leading competitive signature schemes with a rich body of research. Both group and ring signatures enable user anonymity with group settings. Any group user can produce a signature while hiding his identity in a group. Although group signatures have predefined group settings, ring signatures allow users to form ad-hoc groups. Preserving user identities provided an advantage for group and ring signatures. Thus, presently many applications utilize them. However, standard group signatures enable an authority to freely revoke signers’ anonymity. Thus, the authority might weaken the anonymity of innocent users. On the other hand, traditional ring signatures maintain permanent user anonymity, allowing space for malicious user activities; thus achieving the req...
A Review Of Ring Signature Schemes For Authentic And Anonymous Data Sharing
Data sharing becoming more and more challenging today there are number of environment like data authenticity, anonymity, availability, access control and efficiency. The concept of ring signature seems promising for data sharing system. A ring signature is a simplified group signature without any manager. It protects the anonymity of the signature producer. In this paper we review the state of the art of ring signature schemes in the literature and investigated their relationship with other existing schemes to improve ring signature like blind signature, threshold signature, identity-based (ID-based) ring signature and other to improve the security.
Controllable Ring Signatures
Lecture Notes in Computer Science
This paper introduces a new concept called controllable ring signature which is ring signature with additional properties as follow. (1) Anonymous identification: by an anonymous identification protocol, the real signer can anonymously prove his authorship of the ring signature to the verifier. And this proof is non-transferable. (2) Linkable signature: the real signer can generate an anonymous signature such that every one can verify whether both this anonymous signature and the ring signature are generated by the same anonymous signer. (3) Convertibility: the real signer can convert a ring signature into an ordinary signature by revealing the secret information about the ring signature. These additional properties can fully ensure the interests of the real signer. Especially, compared with a standard ring signature, a controllable ring signature is more suitable for the classic application of leaking secrets. We construct a controllable ring signature scheme which is provably secure according to the formal definition.
An efficient ring signature scheme from pairings
Ring signature is a group-oriented signature with privacy concerns: any verifier can be convinced that the message has been signed by one of the members in the group, but the actual signer remains unknown. Several ring signature schemes based on bilinear pairings have been proposed. However, computational complexity for pairing computations of these ring signature schemes grows linearly with the size of the ring. In this paper, we propose an efficient ring signature with constant pairing computations and give its exact security proofs in the random oracle model under the Computational co-Diffie–Hellman assumption. We then investigate the performance of our scheme by choosing the Optimal Ate pairing on the BN curve defined over a prime field at a 128-bit security level.
One-Way Signature Chaining: a new paradigm for group cryptosystems
International Journal of Information and Computer Security, 2008
In this paper, we describe a new cryptographic primitive called (One-Way) Signature Chaining. Signature chaining is essentially a method of generating a chain of signatures on the same message by different users. Each signature acts as a "link" of the chain. The one-way-ness implies that the chaining process is one-way in the sense that more links can be easily added to the chain. However, it is computationally infeasible to remove any intermediate links without removing all the links. The signatures so created are called chain signatures (CS). We give precise definitions of chain signatures and discuss some applications in trust transfer. We then present a practical construction of a CS scheme that is secure (in the random oracle model) under the Computational Diffie-Hellman (CDH) assumption in bilinear maps.
Forward secure ID based ring signature for data sharing
INTERNATIONAL JOURNAL OF ADVANCE RESEARCH, IDEAS AND INNOVATIONS IN TECHNOLOGY
Cloud computing provides services where one can access information from any place, from anywhere, at any time. So basically cloud computing is subscription based service where one can obtain network storage space and computer resources for data storage as well as data sharing. Due to high fame of cloud for data storage and sharing, a large number of participants gets attracted to it. The security is the biggest concern for the adoption of the cloud. The major issues in this regard are efficiency, data integrity, privacy, and authentication. In order to handle these issues concept of a ring, the signature has been introduced for data sharing amongst a large number of users. Ring signatures are used to provide user's anonymity and signer's privacy. But the expensive certificate verification within the ancient Public Key Infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. ID-based ring signature had been introduced which eliminates the process of certificate verification. Further enhancement of security with forwarding security concept has been introduced. According to this idea, if a secret key of any user has been compromised; all previously generated signatures that embrace this user still stay valid. This property is very vital to any giant scale knowledge sharing system because it is not possible to raise all knowledge data owners to re-authenticate their data whether or not a secret key of 1 single user has been compromised. Thus we propose a secure ID-based ring signature with forwarding security.
A suite of id-based threshold ring signature schemes with different levels of anonymity
2005
Abstract. Since the introduction of Identity-based (ID-based) cryptography by Shamir in 1984, numerous ID-based signature schemes have been proposed. In 2001, Rivest et al. introduced ring signature that provides irrevocable signer anonymity and spontaneous group formation. In recent years, ID-based ring signature schemes have been proposed and all of them are based on bilinear pairings. In this paper, we propose the first ID-based threshold ring signature scheme that is not based on bilinear pairings.
Anonymous Proof of Membership with Ring Signature
2005 IEEE International Conference on Electro Information Technology, 2005
As the Internet becomes omnipresent, people nowadays depend heavily on the on-line services for their shopping and banking transactions. However, users register for on-line services may not like their activities being logged and analyzed by the service providers. Anonymity is essential in the protection of users' privacy, especially now when the Internet is a treacherous place full of embezzlers trying to collect information of others. In 2001, Rivest et al. introduced and formalized the ring signature in which the verifier is convinced that the message must be signed by one of the ring members but is unable to determine which one. Ring signature is very useful for proving membership anonymously. With a ring signature scheme, a paid customer can prove his membership by involving other legitimate users' identity without help from the manager. In this paper, we propose a ring signature scheme based on the El Gamal digital signature scheme that is provably secure against adaptively chosen ciphertext attack.
Related papers
Id-based ring signature and proxy ring signature schemes from bilinear pairings. Cryptology ePrint Archive, Report 2004/184
Advances in Neural Information Processing Systems. …, 2004
ID-based ring signature and proxy ring signature schemes from bilinear pairings
Arxiv preprint cs/0504097, 2005
Accountable Ring Signatures: A Smart Card Approach
IFIP International Federation for Information Processing, 2004
Ring signatures are an important primitive for protecting signers' privacy while ensuring that a signature in question is indeed issued by some qualified user. This notion can be seen as a generalization of the well-known notion of group signatures. A group signature is a signature such that a verifier can establish its validity but not the identity of the actual signer, who can nevertheless be identified by a designated entity called group manager. A ring signature is also a signature such that a verifier can establish its validity but not the identity of the actual signer, who indeed can never be identified by any party. An important advantage of ring signatures over group signatures is that there is no need to pre-specify rings or groups of users.
Secure ID-based linkable and revocable-iff-linked ring signature with constant-size construction
Theoretical Computer Science, 2013
In this paper, we propose a new ID-based event-oriented linkable ring signature scheme, with an option as revocable-iff-linked. With this option, if a user generates two linkable ring signatures in the same event, everyone can compute his identity from these two signatures. We are the first in the literature to propose such a secure construction in ID-based setting. Even compared with other existing non ID-based schemes, we enjoy significant efficiency improvement, including constant signature size and linking complexity.
Controllable Ring Signatures and Its Application to E-Prosecution
Journal of Computers, 2013
This paper introduces a new concept called controllable ring signature which is ring signature with additional properties as follow. (1) Anonymous identification: by an anonymous identification protocol, the real signer can anonymously prove his authorship of the ring signature to the verifier. And this proof is non-transferable. (2) Linkable signature: the real signer can generate an anonymous signature such that every one can verify whether both this anonymous signature and the ring signature are generated by the same anonymous signer. (3) Convertibility: the real signer can convert a ring signature into an ordinary signature by revealing the secret information about the ring signature. These additional properties can fully ensure the interests of the real signer. Especially, compared with a standard ring signature, a controllable ring signature is more suitable for the classic application of leaking secrets. We construct a controllable ring signature scheme which is provably secure according to the formal definition. As an application, we design a E-prosecution scheme based on this controllable ring signature scheme and show its security.
Identity-based quotable ring signature
Information Sciences, 2015
We present a new notion of identity-based quotable ring signature. This new cryptographic primitive can be used to derive new ring signatures on substrings of an original message from an original ring signature on the original message, which is generated by the actual signer included in the ring. No matter whether a ring signature is originally generated or is quoted from another valid ring signature, it will convince the verifier that it is generated by one of the ring members, without revealing any information about which ring member is the actual signer. The set of ring members could be arbitrarily selected by the actual signer without need of other ring members' approval. The actual signer is anonymous among this set of ring members. At the same time, the verifier could not distinguish whether a ring signature is originally generated or is quoted from another ring signature. In this paper, we propose a concrete identity-based quotable ring signature scheme based on bilinear pairing. We make use of bilinear groups of composite order. The construction is identity-based to alleviate the problem of certificate verification, especially for applications involving a large number of public keys in each execution such as ring signature schemes. The proposed scheme is proven to be anonymous under the assumption that the Subgroup Decision Problem is hard, selectively unforgeable against adaptively chosen message attacks in the random oracle model under the assumption that the Computational Diffie-Hellman problem is hard, and strongly context hiding
Efficient and Generalized Group Signatures
Lecture Notes in Computer Science, 1997
. The concept of group signatures was introduced by Chaumet al. at Eurocrypt "91. It allows a member of a group to sign messagesanonymously on behalf of the group. In case of a later dispute adesignated group manager can revoke the anonymity and identify theoriginator of a signature. In this paper we propose a new efficient groupsignature scheme. Furthermore we
Identity-Based Linkable Ring Signatures From Lattices
IEEE Access, 2021
Linkable ring signatures is a useful cryptographic tool for constructing applications such as ones relative to electronic voting (e-voting), digital cashes (e-cashes) as well as cloud computing. Equipped with linkable ring signatures, e-voting, e-cash systems can simultaneously enjoy the privacy and the unreusability properties thanks to the anonymity and the linkability of linkable ring signatures. Likewise, cloud servers can enjoy a privacy-preserving ability, a flexible access control and an efficient security management with linkable ring signatures. Moreover, linkable ring signatures built in the identity-based setting would help to remove the expense of using the conventional public key infrastructure and also could be applied to the user management. This primitive hence would be suitable for huge-scale applications. In this paper, we present the first identity-based linkable ring signatures (IdLRS) in both integer lattice and ideal lattice setting. The proposed IdLRS is proved secure in the random oracle model and based on the hardness of the short integer solution and ring short integer solution assumption. We also implement the proposed idLRS as a proof of concept and then do some experiments to evaluate the running times and the sizes. INDEX TERMS Identity-based linkable ring signatures, e-voting, e-cash, cloud computing, lattices.
Ring Signatures Without Random Oracles
2006
Since the formalization of ring signature by Rivest, Shamir and Tauman in 2001, there are lots of variations appeared in the literature. Almost all of the variations rely on the random oracle model for security proof. In this paper, we propose a ring signature scheme based on bilinear pairings, which is proven to be secure against adaptive chosen message attack without using the random oracle model. It is one of the first in the literature to achieve this security level.
This document is currently being converted. Please check back in a few minutes.