Article

Ring signatures: stronger definitions, and constructions without random oracles

Authors:

Ruggero MorselliAuthors Info & Claims

TCC'06: Proceedings of the Third conference on Theory of Cryptography

Pages 60 - 79

https://doi.org/10.1007/11681878_4

Published: 04 March 2006 Publication History

Abstract

Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.

This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers.

References

[1]

M. Abe, M. Ohkubo, and K. Suzuki. 1-out-of-n signatures from a variety of keys. In Advances in Cryptology -- Asiacrypt 2002.

Digital Library

[2]

B. Adida, S. Hohenberger, and R.L. Rivest. Ad-hoc-group signatures from hijacked keypairs. Available at http://theory.lcs.mit.edu/~srhohen/papers/AHR.pdf, 2005.

[3]

M. Bellare, D. Micciancio, and B. Warinschi. Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In Advances in Cryptology -- Eurocrypt 2003.

Digital Library

[4]

A. Bender, J. Katz, and R. Morselli. Ring signatures: Stronger definitions, and constructions without random oracles. Cryptology ePrint Archive, 2005. http://eprint.iacr.org/2005/304.

[5]

E. Bresson, J. Stern, and M. Szydlo. Threshold ring signatures and applications to ad-hoc groups. In Advances in Cryptology -- Crypto 2002.

Digital Library

[6]

D. Chaum and E. van Heyst. Group signatures. In Advances in Cryptology -- Eurocrypt '91.

Digital Library

[7]

L. Chen, C. Kudla, and K.G. Patterson. Concurrent signatures. In Advances in Cryptology -- Eurocrypt 2004.

[8]

S. S.M. Chow, J.K. Liu, and T. H. Yuen. Ring signature without random oracles. Cryptology ePrint Archive, 2005. http://eprint.iacr.org/2005/317.

[9]

R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Advances in Cryptology -- Crypto '94.

Digital Library

[10]

I. Damgård and J.B. Nielsen. Improved non-committing encryption schemes based on a general complexity assumption. In Advances in Cryptology -- Crypto 2000.

Digital Library

[11]

Y. Dodis, A. Kiayias, A. Nicolosi, and V. Shoup. Anonymous identification in ad-hoc groups. In Advances in Cryptology -- Eurocrypt 2002.

[12]

C. Dwork and M. Naor. Zaps and their applications. In Proc. 41st Annual Symposium on Foundations of Computer Science (FOCS). IEEE, 2000.

Digital Library

[13]

U. Feige, D. Lapidot, and A. Shamir. Multiple non-interactive zero knowledge proofs under general assumptions. SIAM J. Computing, 29(1):1-28, 1999.

Digital Library

[14]

A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology -- Crypto '86.

Digital Library

[15]

J. Herranz. Some digital signature schemes with collective signers. PhD thesis, Universitat Politècnica de Catalunya, Barcelona, April 2005. Available at http://www.lix.polytechnique.fr/~herranz/thesis.htm.

[16]

J. Herranz and G. Sáez. Forking lemmas for ring signature schemes. In Progress in Cryptology -- Indocrypt 2003.

[17]

M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In Advances in Cryptology -- Eurocrypt '96.

Digital Library

[18]

J.K. Liu, V.K. Wei, and D.S. Wong. Linkable spontaneous anonymous group signatures for ad hoc groups. In ACISP 2004.

[19]

M. Naor. Deniable ring authentication. In Advances in Cryptology -- Crypto 2002.

Digital Library

[20]

R.L. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In Asiacrypt 2001. Full version available at http://www.mit.edu/~tauman and to appear in Essays in Theoretical Computer Science: in Memory of Shimon Even.

Digital Library

[21]

B.Waters. Efficient identity-based encryption without random oracles. In Advances in Cryptology -- Eurocrypt 2005.

Digital Library

[22]

J. Xu, Z. Zhang, and D. Feng. A ring signature scheme using bilinear pairings. In Workshop on Information Security Applications (WISA), 2004.

Digital Library

[23]

F. Zhang and K. Kim. ID-based blind signature and ring signature from pairings. In Advances in Cryptology -- Asiacrypt 2002.

Digital Library

Cited By

Guo S(2024)Secure Monero on Corrupted Machines with Reverse FirewallsData Security and Privacy Protection10.1007/978-981-97-8540-7_4(52-68)Online publication date: 25-Oct-2024
https://dl.acm.org/doi/10.1007/978-981-97-8540-7_4
Khuc XSusilo WDuong DGuo FFukushima KKiyomoto S(2024)Threshold Ring Signatures with AccountabilityInformation Security and Privacy10.1007/978-981-97-5025-2_19(368-388)Online publication date: 15-Jul-2024
https://dl.acm.org/doi/10.1007/978-981-97-5025-2_19
Dao QJain AJin Z(2024)Non-interactive Zero-Knowledge from LPN and MQAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68400-5_10(321-360)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68400-5_10
Show More Cited By

Ring signatures: stronger definitions, and constructions without random oracles

Recommendations

Identity-based ring signatures from RSA

Shamir proposed in 1984 the first identity-based signature scheme, whose security relies on the RSA problem. A similar scheme was proposed by Guillou and Quisquater in 1988. Formal security of these schemes was not argued and/or proved until many years ...
Generalized Ring Signatures

Ring signature was first introduced in 2001. In a ring signature, instead of revealing the actual identity of the message signer, it specifies a set of possible signers. The verifier can be convinced that the signature was indeed generated by one of the ...
Ring signatures: universally composable definitions and constructions
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security

Though anonymity of ring signature schemes has been studied in many literatures for a long time, these papers showed different definitions and there is no consensus. Recently, Bender et al. proposed two new anonymity definitions of ring signature which ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

TCC'06: Proceedings of the Third conference on Theory of Cryptography

March 2006

616 pages

ISBN:3540327312

Editors:
Shai Halevi
IBM Research, Hawthorne, NY
,
Tal Rabin
IBM T.J.Watson Research Center, Hawthorne, NY

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 04 March 2006

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

96
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 24 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Guo S(2024)Secure Monero on Corrupted Machines with Reverse FirewallsData Security and Privacy Protection10.1007/978-981-97-8540-7_4(52-68)Online publication date: 25-Oct-2024
https://dl.acm.org/doi/10.1007/978-981-97-8540-7_4
Khuc XSusilo WDuong DGuo FFukushima KKiyomoto S(2024)Threshold Ring Signatures with AccountabilityInformation Security and Privacy10.1007/978-981-97-5025-2_19(368-388)Online publication date: 15-Jul-2024
https://dl.acm.org/doi/10.1007/978-981-97-5025-2_19
Dao QJain AJin Z(2024)Non-interactive Zero-Knowledge from LPN and MQAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68400-5_10(321-360)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68400-5_10
Li NLi YMiyaji ATian YYuen T(2023)A Practical Forward-Secure DualRingCryptology and Network Security10.1007/978-981-99-7563-1_23(516-537)Online publication date: 30-Oct-2023
https://dl.acm.org/doi/10.1007/978-981-99-7563-1_23
Khuc TSusilo WDuong DGuo FFukushima KKiyomoto S(2023)Compact Accountable Ring Signatures in the Plain ModelInformation Security and Cryptology10.1007/978-981-97-0942-7_2(23-43)Online publication date: 9-Dec-2023
https://dl.acm.org/doi/10.1007/978-981-97-0942-7_2
Couteau GJain AJin ZQuach W(2023)A Note on Non-interactive Zero-Knowledge from CDHAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38551-3_23(731-764)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38551-3_23
Branco PDöttling NWohnig S(2022)Universal Ring Signatures in the Standard ModelAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22972-5_9(249-278)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-22972-5_9
Canetti RSarkar PWang X(2022)Triply Adaptive UC NIZKAdvances in Cryptology – ASIACRYPT 202210.1007/978-3-031-22966-4_16(466-495)Online publication date: 5-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-22966-4_16
Bultel XFraser AQuaglia E(2022)Improving the Efficiency of Report and Trace Ring SignaturesStabilization, Safety, and Security of Distributed Systems10.1007/978-3-031-21017-4_9(130-145)Online publication date: 15-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-21017-4_9
Bootle JElkhiyaoui KHesse JManevich Y(2022)DualDory: Logarithmic-Verifier Linkable Ring Signatures Through PreprocessingComputer Security – ESORICS 202210.1007/978-3-031-17146-8_21(427-446)Online publication date: 26-Sep-2022
https://dl.acm.org/doi/10.1007/978-3-031-17146-8_21
Show More Cited By

View Options

View options

Figures

Tables

Media

View Table of Conten