Abstract
A 1-out-of-N ring signature scheme, introduced by Rivest, Shamir, and Tauman-Kalai (ASIACRYPT ’01), allows a signer to sign a message as part of a set of size N (the so-called “ring”) while remaining anonymous to any verifier, including other members of the ring. Threshold ring (or “thring”) signatures generalize ring signatures to t-out-of-N parties, with \(t \ge 1\), who anonymously sign messages and show that they are distinct signers (Bresson et al., CRYPTO’02).
Until recently, there was no construction of ring signatures that both (i) had logarithmic signature size in N, and (ii) was secure in the plain model. The work of Backes et al. (EUROCRYPT’19) resolved both these issues. However, threshold ring signatures have their own particular problem: with a threshold \(t \ge 1\), signers must often reveal their identities to the other signers as part of the signing process. This is an issue in situations where a ring member has something controversial to sign; he may feel uncomfortable requesting that other members join the threshold, as this reveals his identity.
Building on the Backes et al. template, in this work we present the first construction of a thring signature that is logarithmic-sized in N, in the plain model, and does not require signers to interact with each other to produce the thring signature.
We also present a linkable counterpart to our construction, which supports a fine-grained control of linkability. Moreover, our thring signatures can easily be adapted to achieve the recent notions of claimability and repudiability (Park and Sealfon, CRYPTO’19).
Notes
- 1. We note that in a concurrent and independent work in [21], Lin and Wang propose a modification of BDH\(^+\) that uses VRFs instead of signatures to achieve repudiability. We note that their ideas do not extend to thring signatures and thus their approach cannot be directly compared to our work.
- 2. The restriction is that the domain and range of \(\mathsf{F}\) are the same.
- 3. The evaluation of their \(\mathsf{JointVerify}\) algorithm, which they need to prove with their NIWI, gives 480 clauses when unrolled, where each clause is a conjunction of 5 verification statements of a commitment scheme.
- 4. A one-way permutation where the domain and range are equal can be used here.
- 5.
- 6. Though key privacy and key collision resistance seem natural in this approach, a formal treatment is missing.
References
Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57–74. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40041-4_4
Backes, M., Döttling, N., Hanzlik, L., Kluczniak, K., Schneider, J.: Ring signatures: Logarithmic-size, no setup – from standard assumptions. Cryptology ePrint Archive, Report 2019/196 (2019)
Backes, M., Döttling, N., Hanzlik, L., Kluczniak, K., Schneider, J.: Ring signatures: logarithmic-size, no setup—from standard assumptions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11478, pp. 281–311. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_10
Badrinarayanan, S., Fernando, R., Jain, A., Khurana, D., Sahai, A.: Statistical ZAP arguments. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 642–667. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_22
Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. J. Cryptol. 22(1), 114–138 (2009)
Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and applications to ad-hoc groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 465–480. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_30
Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM CCS (2004)
Buchmann, J., Dahmen, E., Ereth, S., Hülsing, A., Rückert, M.: On the security of the Winternitz one-time signature scheme. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 363–378. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21969-6_23
Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.Ø.: Formal treatment of privacy-enhancing credential systems. In: SAC (2015)
Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: ACM CCS (2017)
Chatterjee, R., et al.: Compact ring signatures from learning with errors. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12825, pp. 282–312. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84242-0_11
Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_36
Dodis, Y., Yampolskiy, A.: A verifiable random function with short proofs and keys. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 416–431. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_28
Dwork, C., Naor, M.: Zaps and their applications. In: 41st FOCS (2000)
Feige, U., Shamir, A.: Witness indistinguishable and witness hiding protocols. In: STOC (1990)
Fujisaki, E., Suzuki, K.: Traceable ring signature. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 181–200. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71677-8_13
Goyal, R., Hohenberger, S., Koppula, V., Waters, B.: A generic approach to constructing and proving verifiable random functions. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10678, pp. 537–566. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70503-3_18
Goyal, V., Jain, A., Jin, Z., Malavolta, G.: Statistical zaps and new oblivious transfer protocols. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 668–699. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_23
Groth, J.: Simulation-sound NIZK proofs for a practical language and constant size group signatures. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 444–459. Springer, Heidelberg (2006). https://doi.org/10.1007/11935230_29
Hofheinz, D., Jager, T.: Verifiable random functions from standard assumptions. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 336–362. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49096-9_14
Lin, H., Wang, M.: Repudiable ring signature: Stronger security and logarithmic-size. Cryptology ePrint Archive, Report 2019/1269 (2019)
Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_21
Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28
Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 597–612. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_38
Micali, S., Rabin, M.O., Vadhan, S.P.: Verifiable random functions. In: 40th FOCS (1999)
Munch-Hansen, A., Orlandi, C., Yakoubov, S.: Stronger notions and a more efficient construction of threshold ring signatures. In: Longa, P., Ràfols, C. (eds.) LATINCRYPT 2021. LNCS, vol. 12912, pp. 363–381. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-88238-9_18
Okamoto, T., Tso, R., Yamaguchi, M., Okamoto, E.: A \(k\)-out-of-\(n\) ring signature with flexible participation for signers. Cryptology ePrint Archive, Report 2018/728 (2018)
Okamoto, T., Pietrzak, K., Waters, B., Wichs, D.: New realizations of somewhere statistically binding hashing and positional accumulators. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 121–145. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48797-6_6
Park, S., Sealfon, A.: It wasn’t me! - repudiability and claimability of ring signatures. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 159–190. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_6
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32
Sahai, A.: Simulation-sound non-interactive zero knowledge. Technical report, IBM RESEARCH REPORT RZ 3076 (2000)
Tsang, P.P., Wei, V.K.: Short linkable ring signatures for e-voting, e-cash and attestation. In: Deng, R.H., Bao, F., Pang, H.H., Zhou, J. (eds.) ISPEC 2005. LNCS, vol. 3439, pp. 48–60. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31979-5_5
Acknowledgments
We thank anonymous reviewers for their comments. This work was in part funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 830929 (CyberSec4Europe) and by the Austrian Science Fund (FWF) and netidee SCIENCE under grant agreement P31621-N38 (PROFET).
© 2022 International Association for Cryptologic Research
About this paper
Cite this paper
Haque, A., Krenn, S., Slamanig, D., Striecks, C. (2022). Logarithmic-Size (Linkable) Threshold Ring Signatures in the Plain Model. In: Hanaoka, G., Shikata, J., Watanabe, Y. (eds) Public-Key Cryptography – PKC 2022. PKC 2022. Lecture Notes in Computer Science, vol 13178. Springer, Cham. https://doi.org/10.1007/978-3-030-97131-1_15
DOI: https://doi.org/10.1007/978-3-030-97131-1_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-97130-4
Online ISBN: 978-3-030-97131-1
eBook Packages: Computer Science, Computer Science (R0)