Accountable Ring Signatures: A Smart Card Approach
Shouhuai Xu2004, IFIP International Federation for Information Processing
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
Ring signatures are an important primitive for protecting signers' privacy while ensuring that a signature in question is indeed issued by some qualified user. This notion can be seen as a generalization of the well-known notion of group signatures. A group signature is a signature such that a verifier can establish its validity but not the identity of the actual signer, who can nevertheless be identified by a designated entity called group manager. A ring signature is also a signature such that a verifier can establish its validity but not the identity of the actual signer, who indeed can never be identified by any party. An important advantage of ring signatures over group signatures is that there is no need to pre-specify rings or groups of users.
Related papers
A Survey on Group Signatures and Ring Signatures: Traceability vs. Anonymity
Cryptography
This survey reviews the two most prominent group-oriented anonymous signature schemes and analyzes the existing approaches for their problem: balancing anonymity against traceability. Group signatures and ring signatures are the two leading competitive signature schemes with a rich body of research. Both group and ring signatures enable user anonymity with group settings. Any group user can produce a signature while hiding his identity in a group. Although group signatures have predefined group settings, ring signatures allow users to form ad-hoc groups. Preserving user identities provided an advantage for group and ring signatures. Thus, presently many applications utilize them. However, standard group signatures enable an authority to freely revoke signers’ anonymity. Thus, the authority might weaken the anonymity of innocent users. On the other hand, traditional ring signatures maintain permanent user anonymity, allowing space for malicious user activities; thus achieving the req...
A Review Of Ring Signature Schemes For Authentic And Anonymous Data Sharing
Data sharing becoming more and more challenging today there are number of environment like data authenticity, anonymity, availability, access control and efficiency. The concept of ring signature seems promising for data sharing system. A ring signature is a simplified group signature without any manager. It protects the anonymity of the signature producer. In this paper we review the state of the art of ring signature schemes in the literature and investigated their relationship with other existing schemes to improve ring signature like blind signature, threshold signature, identity-based (ID-based) ring signature and other to improve the security.
Ring Signatures: Stronger Definitions, and Constructions without Random Oracles
Journal of Cryptology, 2009
Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely "ad-hoc" and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature. This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and give separation results proving that our new notions are strictly stronger than previous ones. Second, we show the first constructions of ring signature schemes in the standard model. One scheme is based on generic assumptions and satisfies our strongest definitions of security. Two additional schemes are more efficient, but achieve weaker security guarantees and more limited functionality.
DID:RING: Ring Signatures using Decentralised Identifiers For Privacy-Aware Identity
arXiv (Cornell University), 2024
Decentralised identifiers have become a standardised element of digital identity architecture, with supra-national organisations such as the European Union adopting them as a key component for a unified European digital identity ledger. This paper delves into enhancing security and privacy features within decentralised identifiers by integrating ring signatures as an alternative verification method. This allows users to identify themselves through digital signatures without revealing which public key they used. To this end, the study proposed a novel decentralised identity method showcased in a decentralised identifierbased architectural framework. Additionally, the investigation assesses the repercussions of employing this new method in the verification process, focusing specifically on privacy and security aspects. Although ring signatures are an established asset of cryptographic protocols, this paper seeks to leverage their capabilities in the evolving domain of digital identities.
Short Linkable Ring Signatures Revisited
2006
Abstract. Ring signature is a group-oriented signature in which the signer can spontaneously form a group and generate a signature such that the verifier is convinced the signature was generated by one member of the group and yet does not know who actually signed. Linkable ring signature is a variant such that two signatures can be linked if and only if they were signed by the same person. Recently, the first short linkable ring signature has been proposed.
Forward secure ID based ring signature for data sharing
INTERNATIONAL JOURNAL OF ADVANCE RESEARCH, IDEAS AND INNOVATIONS IN TECHNOLOGY
Cloud computing provides services where one can access information from any place, from anywhere, at any time. So basically cloud computing is subscription based service where one can obtain network storage space and computer resources for data storage as well as data sharing. Due to high fame of cloud for data storage and sharing, a large number of participants gets attracted to it. The security is the biggest concern for the adoption of the cloud. The major issues in this regard are efficiency, data integrity, privacy, and authentication. In order to handle these issues concept of a ring, the signature has been introduced for data sharing amongst a large number of users. Ring signatures are used to provide user's anonymity and signer's privacy. But the expensive certificate verification within the ancient Public Key Infrastructure (PKI) setting becomes a bottleneck for this solution to be scalable. ID-based ring signature had been introduced which eliminates the process of certificate verification. Further enhancement of security with forwarding security concept has been introduced. According to this idea, if a secret key of any user has been compromised; all previously generated signatures that embrace this user still stay valid. This property is very vital to any giant scale knowledge sharing system because it is not possible to raise all knowledge data owners to re-authenticate their data whether or not a secret key of 1 single user has been compromised. Thus we propose a secure ID-based ring signature with forwarding security.
Optimistic Fair Exchange of Ring Signatures
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2012
An optimistic fair exchange (OFE) protocol is an effective tool helping two parties exchange their digital items in an equitable way with assistance of a trusted third party, called arbitrator, who is only required if needed. In previous studies, fair exchange is usually carried out between individual parties. When fair exchange is carried our between two members from distinct groups, anonymity of the signer in a group could be necessary for achieving better privacy. In this paper, we consider optimistic fair exchange of ring signatures (OFERS), i.e. two members from two different groups can exchange their ring signatures in a fair way with ambiguous signers. Each user in these groups has its own public-private key pair and is able to sign a message on behalf of its own group anonymously. We first define the security model of OFFERS in the multiuser setting under adaptive chosen message, chosen-key and chosen public-key attacks. Then, based on verifiable encrypted ring signatures (VERS) we construct a concrete scheme by combining the technologies of ring signatures, public-key encryption and proof of knowledge. Finally, we show that our OFERS solution is provably secure in our security model, and preserving signer-ambiguity of ring signatures. To the best of our knowledge, this is the first (formal) work on this topic.
Identity-based quotable ring signature
Information Sciences, 2015
We present a new notion of identity-based quotable ring signature. This new cryptographic primitive can be used to derive new ring signatures on substrings of an original message from an original ring signature on the original message, which is generated by the actual signer included in the ring. No matter whether a ring signature is originally generated or is quoted from another valid ring signature, it will convince the verifier that it is generated by one of the ring members, without revealing any information about which ring member is the actual signer. The set of ring members could be arbitrarily selected by the actual signer without need of other ring members' approval. The actual signer is anonymous among this set of ring members. At the same time, the verifier could not distinguish whether a ring signature is originally generated or is quoted from another ring signature. In this paper, we propose a concrete identity-based quotable ring signature scheme based on bilinear pairing. We make use of bilinear groups of composite order. The construction is identity-based to alleviate the problem of certificate verification, especially for applications involving a large number of public keys in each execution such as ring signature schemes. The proposed scheme is proven to be anonymous under the assumption that the Subgroup Decision Problem is hard, selectively unforgeable against adaptively chosen message attacks in the random oracle model under the assumption that the Computational Diffie-Hellman problem is hard, and strongly context hiding
Realizing fully secure unrestricted ID-based ring signature in the standard model based on HIBE
IEEE Transactions on Information Forensics and Security, 2013
2013). Realizing fully secure unrestricted ID-based ring signature in the standard model based on HIBE.
Related topics
Related papers
Implementing group signature schemes with smart cards
Proceedings of the 5th conference on Smart Card …, 2002
Group signature schemes allow a group member to sign messages on behalf of the group. Such signatures must be anonymous and unlinkable but, whenever needed, a designated group manager can reveal the identity of the signer. During the last decade group signatures have been playing an important role in cryptographic research; many solutions have been proposed and some of them are quite efficient, with constant size of signatures and keys ([1], [6], [7] and [15]). However, some problems still remain among which the large number of computations during the signature protocol and the difficulty to achieve coalition-resistance and to deal with member revocation. In this paper we investigate the use of a tamper-resistant device (typically a smart card) to efficiently solve those problems.
Escrowed Linkability of Ring Signatures and its Applications
2006
Ring signatures allow a user to sign anonymously on behalf of a group of spontaneously conscripted members. Two ring signatures are linked if they are issued by the same signer. We introduce the notion of Escrowed Linkability of ring signatures, such that only a Linking Authority can link two ring signatures; otherwise two ring signatures remain unlinkable to anyone.
Controllable Ring Signatures
Lecture Notes in Computer Science
This paper introduces a new concept called controllable ring signature which is ring signature with additional properties as follow. (1) Anonymous identification: by an anonymous identification protocol, the real signer can anonymously prove his authorship of the ring signature to the verifier. And this proof is non-transferable. (2) Linkable signature: the real signer can generate an anonymous signature such that every one can verify whether both this anonymous signature and the ring signature are generated by the same anonymous signer. (3) Convertibility: the real signer can convert a ring signature into an ordinary signature by revealing the secret information about the ring signature. These additional properties can fully ensure the interests of the real signer. Especially, compared with a standard ring signature, a controllable ring signature is more suitable for the classic application of leaking secrets. We construct a controllable ring signature scheme which is provably secure according to the formal definition.
Anonymous Proof of Membership with Ring Signature
2005 IEEE International Conference on Electro Information Technology, 2005
As the Internet becomes omnipresent, people nowadays depend heavily on the on-line services for their shopping and banking transactions. However, users register for on-line services may not like their activities being logged and analyzed by the service providers. Anonymity is essential in the protection of users' privacy, especially now when the Internet is a treacherous place full of embezzlers trying to collect information of others. In 2001, Rivest et al. introduced and formalized the ring signature in which the verifier is convinced that the message must be signed by one of the ring members but is unable to determine which one. Ring signature is very useful for proving membership anonymously. With a ring signature scheme, a paid customer can prove his membership by involving other legitimate users' identity without help from the manager. In this paper, we propose a ring signature scheme based on the El Gamal digital signature scheme that is provably secure against adaptively chosen ciphertext attack.
Controllable Ring Signatures and Its Application to E-Prosecution
Journal of Computers, 2013
This paper introduces a new concept called controllable ring signature which is ring signature with additional properties as follow. (1) Anonymous identification: by an anonymous identification protocol, the real signer can anonymously prove his authorship of the ring signature to the verifier. And this proof is non-transferable. (2) Linkable signature: the real signer can generate an anonymous signature such that every one can verify whether both this anonymous signature and the ring signature are generated by the same anonymous signer. (3) Convertibility: the real signer can convert a ring signature into an ordinary signature by revealing the secret information about the ring signature. These additional properties can fully ensure the interests of the real signer. Especially, compared with a standard ring signature, a controllable ring signature is more suitable for the classic application of leaking secrets. We construct a controllable ring signature scheme which is provably secure according to the formal definition. As an application, we design a E-prosecution scheme based on this controllable ring signature scheme and show its security.
An identity-based ring signature scheme with enhanced privacy
… and Workshops, 2006, 2006
There are many applications in which it is necessary to transmit authenticatable messages while achieving certain privacy goals such as signer ambiguity. The emerging area of vehicular ad-hoc network is a good example application domain with this requirement. The ring signature technique that uses an ad-hoc group of signer identities is a widely used method for generating this type of privacy preserving digital signatures. The identity-based cryptographic techniques do not require certificates. The construction of ring signatures using identity-based cryptography allow for privacy preserving digital signatures to be created in application when certificates are not readily available or desirable such as in vehicle area networks. We propose a new designated verifier identitybased ring signature scheme that is secure against full key exposure attacks even for a small group size. This is a general purpose primitive that can be used in many application domains such as ubiquitous computing where signer ambiguity is required in small groups. We consider the usefulness of identity-based cryptographic primitives in vehicular adhoc networks and use a specific example application to illustrate the use of identity-based ring signatures as a tool to create privacy preserving authenticatable messages.
Efficient Identity Based Ring Signature
2005
Identity-based (ID-based) cryptosystems eliminate the need for validity checking of the certificates and the need for registering for a certificate before getting the public key. These two features are desirable especially for the efficiency and the real spontaneity of ring signature, where a user can anonymously sign a message on behalf of a group of spontaneously conscripted users including the actual signer.
Forcing out a confession: Threshold discernible ring signatures
2010
Ring signature schemes (?) enable a signer to sign a message and remain hidden within an arbitrary group A of n people, called a ring. The signer may choose this ring arbitrarily without any setup procedure or the consent of anyone in A. Among several variations of the notion, step out ring signatures introduced in (?) address the issue of a ring member proving that she is not the original signer of a message, in case of dispute. First we show that the scheme in (?) has several flaws and design a correct scheme and prove formally the security of the same. Then we use the basic constructs of our scheme to design a protocol for a new problem, which we refer to as threshold discernible ring signatures. In threshold discernible ring signatures, a group B of t members can co-operate to identify the original signer of a ring signature that involved a group A of n alleged signers, where B ⊂ A and n > t. This is the first time that this problem is considered in the literature and we form...
Privacy Preservation for Transaction Initiators: Stronger Key Image Ring Signature and Smart Contract-Based Framework
Computer Science
Recently, blockchain technology has garnered support. However, an attenuating factor to its global adoption in certain use cases is privacy-preservation owing to its inherent transparency. A widely explored cryptographic option to address this challenge has been ring signature which aside its privacy guarantee must be double spending resistant. In this paper, we identify and prove a catastrophic flaw for double-spending attack in a Lightweight Ring Signature scheme and proceed to construct a new, fortified commitment scheme using the signer’s entire private key. Subsequently, we compute a stronger key image to yield a double-spending-resistant signature scheme solidly backed by formal proof. Inherent in our solution is a novel, zero-knowledge-based, secured and cost-effective smart contract for public key aggregation. We test our solution on a private blockchain as well as Kovan testnet along with performance analysis attesting to efficiency and usability and make the code publicly ...
Identity-Based Ring Signcryption Schemes: Cryptographic Primitives for Preserving Privacy and Authenticity in the Ubiquitous World
19th International Conference on Advanced Information Networking and Applications (AINA'05) Volume 1 (AINA papers), 2005
In this paper, we present a new concept called an identity based ring signcryption scheme (IDRSC). We argue that this is an important cryptographic primitive that must be used to protect privacy and authenticity of a collection of users who are connected through an ad-hoc network, such as Bluetooth. We also present an efficient IDRSC scheme based on bilinear pairing. As a regular signcryption scheme, our scheme combines the functionality of signature and encryption schemes. However, the idea is to have an identity based system. In our scheme, a user can anonymously signcrypts a message on behalf of the group. We show that our scheme outperforms a traditional identity based scheme, that is obtained by a standard sign-then-encrypt mechanism, in terms of the length of the ciphertext. We also provide a formal proof of our scheme with the chosen ciphertext security under the Decisional Bilinear Diffie-Hellman assumption, which is believed to be intractable.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.