Accountable Ring Signatures: A Smart Card Approach

  • Shouhuai Xu
  • Moti Yung
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)


Ring signatures are an important primitive for protecting signers’ privacy while ensuring that a signature in question is indeed issued by some qualified user. This notion can be seen as a generalization of the well-known notion of group signatures. A group signature is a signature such that a verifier can establish its validity but not the identity of the actual signer, who can nevertheless be identified by a designated entity called group manager. A ring signature is also a signature such that a verifier can establish its validity but not the identity of the actual signer, who indeed can never be identified by any party. An important advantage of ring signatures over group signatures is that there is no need to pre-specify rings or groups of users.

In this paper, we argue that the lack of an accountability mechanism in ring signature schemes would result in severe consequences, and thus accountable ring signatures might be very useful. An accountable ring signature ensures the following: anyone can verify that the signature is generated by a user belonging to a set of possible signers that may be chosen on-the-fly, whereas the actual signer can nevertheless be identified by a designated trusted entity - a system-wide participant independent of any possible ring of users. Further, we present a system framework for accountable ring signatures. The framework is based on a compiler that transforms a traditional ring signature scheme into an accountable one. We also conduct a case study by elaborating on how a traditional ring signature scheme is transformed into an accountable one while assuming a weak trust model.


Smart Card Signature Scheme Ring Signature Random Oracle Blind Signature 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [1]
    M. Abe, M. Ohkubo, and K. Suzuki. 1-out-of-n Signatures from a Variety of Keys. Asiacrypt’02.Google Scholar
  2. [2]
    R. Anderson and M. Kuhn. Low Cost Attacks on Tamper Resistant Devices. Security Protocol’97.Google Scholar
  3. [3]
    G. Ateniese, J. Camenisch, M. Joye, and G. Tsudik. A Practical and Provably Secure Coalition-Resistant Group Signature Scheme. Crypto’00.Google Scholar
  4. [4]
    M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated Key Exchange Secure against Dictionary Attacks. Eurocrypt’00.Google Scholar
  5. [5]
    M. Bellare and P. Rogaway. Random Oracles Are Practical: A Paradigm for Designing Efficient Protocols. ACM CCS’93.Google Scholar
  6. [6]
    D. Boneh and M. Franklin. Efficient Generation of Shared RSA Keys (Extended Abstract). Crypto’97.Google Scholar
  7. [7]
    E. Bresson, J. Stern, and M. Szydlo. Threshold Ring Signatures and Applications to Ad-Hoc Groups. Crypto’02.Google Scholar
  8. [8]
    J. Camenisch. Efficient and Generalized Group Signatures. Eurorypt’97.Google Scholar
  9. [9]
    J. Camenisch and A. Lysyanskaya. Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. Crypto’02.Google Scholar
  10. [10]
    J. Camenisch and M. Michels. A Group Signature Scheme based on an RSA-variant. Tech. Report RS-98-27, BRICS. Preliminary version appeared at Asiacrypt’ 98.Google Scholar
  11. [11]
    J. Camenisch and M. Stadler. Efficient Group Signature Schemes for Large Groups (Extended Abstract). Crypto’97.Google Scholar
  12. [12]
    S. Canard and M. Girault. Implementing Group Signature Schemes with Smart Cards. Cardis’02.Google Scholar
  13. [13]
    D. Chaum. Blind Signatures for Untraceable Payments. Crypto’82.Google Scholar
  14. [14]
    S. Chaum and E. van Heyst. Group Signatures. Eurocrypt’91.Google Scholar
  15. [15]
    L. Chen and T. Pedersen. New Group Signature Schemes. Eurocrypt’94.Google Scholar
  16. [16]
    J. Coron, M. Joye, D. Naccache, and P. Paillier. Universal Padding Schemes for RSA. Crypto’02.Google Scholar
  17. [17]
    R. Cramer, I. Damgard, and B. Schoenmakers. Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. Crypto’94.Google Scholar
  18. [18]
    A. De Santis, G. Di Crescenzo, G. Persiano, and M. Yung. On Monotone Formula Closure of SZK. FOCS’94. pp 454–465.Google Scholar
  19. [19]
    Y. Desmedt. Simmons’ Protocol Is Not Free of Subliminal Channels. Computer Security Foundation Workshop’96.Google Scholar
  20. [20]
    A. Fiat and A. Shamir. How to Prove Yourself: Practical Solutions to Identification and Signature Problems. Crypto’86.Google Scholar
  21. [21]
    O. Goldreich, S. Goldwasser, and S. Micali. How to Construct Random Functions. J. ACM, Vol. 33, No. 4, 1986, pp 210–217.CrossRefMathSciNetGoogle Scholar
  22. [22]
    S. Goldwasser and S. Micali. Probabilistic Encryption. JCSS, 1984.Google Scholar
  23. [23]
    S. Goldwasser, S. Micali, R. Rivest. A Digital Signature Scheme Secure against Adaptive Chosen-message Attacks. SIAM J. Computing, 17(2), 1988.Google Scholar
  24. [24]
    M. Naor, B. Pinkas, and O. Reingold. Distributed Pseudo-Random Functions and KDCs. Eurocrypt’99.Google Scholar
  25. [25]
    R. L. Rivest, A. Shamir, and L. Adleman. A Method for Obtaining Digital Signatures and Public-Key Cryptosystem. Communication of the ACM, Vol. 21, No. 2, 1978.Google Scholar
  26. [26]
    R. Rivest, A. Shamir, and Y. Tauman. How to Leak a Secret. Asiacrypt’01.Google Scholar
  27. [27]
    G. J. Simmons. The History of Subliminal Channels. IEEE Journal on Selected Areas in Communication, vol. 16, no. 4, May 1998.Google Scholar
  28. [28]
    G. Tsudik and S. Xu. Accumulating Composites and Improved Group Signing. Asiacrypt’03.Google Scholar
  29. [29]
    B. von Solms and D. Naccache, On Blind Signatures and Perfect Crimes, Computers & Security, 11(6), 1992, 581–583.Google Scholar
  30. [30]
    A. Young and M. Yung. Kleptography: using Cryptography Against Cryptography. Crypto’97.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Shouhuai Xu
    • 1
  • Moti Yung
    • 2
  1. 1.Department of Computer ScienceUniversity of Texas at San AntonioUSA
  2. 2.Department of Computer ScienceColumbia UniversityUSA

Personalised recommendations