Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles

  • Adam Bender
  • Jonathan Katz
  • Ruggero Morselli
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3876)

Abstract

Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.

This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers.

References

  1. 1.
    Abe, M., Ohkubo, M., Suzuki, K.: 1-out-of-n signatures from a variety of keys. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 415–432. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Adida, B., Hohenberger, S., Rivest, R.L.: Ad-hoc-group signatures from hijacked keypairs (2005), available at, http://theory.lcs.mit.edu/~srhohen/papers/AHR.pdf
  3. 3.
    Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: Formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656. Springer, Heidelberg (2003)Google Scholar
  4. 4.
    Bender, A., Katz, J., Morselli, R.: Ring signatures: Stronger definitions, and constructions without random oracles. Cryptology ePrint Archive (2005), http://eprint.iacr.org/2005/304
  5. 5.
    Bresson, E., Stern, J., Szydlo, M.: Threshold ring signatures and applications to ad-hoc groups. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 465. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  7. 7.
    Chen, L., Kudla, C., Patterson, K.G.: Concurrent signatures. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 287–305. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  8. 8.
    Chow, S.S.M., Liu, J.K., Yuen, T.H.: Ring signature without random oracles. Cryptology ePrint Archive (2005), http://eprint.iacr.org/2005/317
  9. 9.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proof of partial knowledge and simplified design of witness hiding protocols. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 174–187. Springer, Heidelberg (1994)Google Scholar
  10. 10.
    Damgård, I.B., Nielsen, J.B.: Improved non-committing encryption schemes based on a general complexity assumption. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, p. 432. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad-hoc groups. In: Advances in Cryptology — Eurocrypt 2002 (2002)Google Scholar
  12. 12.
    Dwork, C., Naor, M.: Zaps and their applications. In: Proc. 41st Annual Symposium on Foundations of Computer Science (FOCS). IEEE, Los Alamitos (2000)Google Scholar
  13. 13.
    Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero knowledge proofs under general assumptions. SIAM J. Computing 29(1), 1–28 (1999)MathSciNetCrossRefMATHGoogle Scholar
  14. 14.
    Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)CrossRefGoogle Scholar
  15. 15.
    Herranz, J.: Some digital signature schemes with collective signers. PhD thesis, Universitat Politècnica de Catalunya, Barcelona (April 2005), Available at, http://www.lix.polytechnique.fr/~herranz/thesis.htm
  16. 16.
    Herranz, J., Sáez, G.: Forking lemmas for ring signature schemes. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 266–279. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated verifier proofs and their applications. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  18. 18.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for ad hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Naor, M.: Deniable ring authentication. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 481. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, p. 552. Springer, Heidelberg (2001); To appear in Essays in Theoretical Computer Science: in Memory of Shimon Even, Full version available at, http://www.mit.edu/~tauman
  21. 21.
    Waters, B.: Efficient identity-based encryption without random oracles. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 114–127. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Xu, J., Zhang, Z., Feng, D.: A ring signature scheme using bilinear pairings. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 160–169. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Zhang, F., Kim, K.: ID-based blind signature and ring signature from pairings. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 533–547. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Adam Bender
    • 1
  • Jonathan Katz
    • 1
  • Ruggero Morselli
    • 1
  1. 1.Department of Computer ScienceUniversity of MarylandUSA

Personalised recommendations