
Journal of Cryptology, Volume 22, Issue 1, pp 114–138

Ring Signatures: Stronger Definitions, and Constructions without Random Oracles

  • Adam Bender
  • Jonathan Katz
  • Ruggero Morselli

Abstract

Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.

This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and give separation results proving that our new notions are strictly stronger than previous ones. Second, we show the first constructions of ring signature schemes in the standard model. One scheme is based on generic assumptions and satisfies our strongest definitions of security. Two additional schemes are more efficient, but achieve weaker security guarantees and more limited functionality.

Keywords

Signatures, Anonymity

Copyright information

© International Association for Cryptologic Research 2007

Authors and Affiliations

  1. Department of Computer Science, University of Maryland, College Park, USA
