How to Leak a Secret

  • Ronald L. Rivest
  • Adi Shamir
  • Yael Tauman
Conference paper

DOI: 10.1007/3-540-45682-1_32

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2248)
Cite this paper as:
Rivest R.L., Shamir A., Tauman Y. (2001) How to Leak a Secret. In: Boyd C. (eds) Advances in Cryptology — ASIACRYPT 2001. ASIACRYPT 2001. Lecture Notes in Computer Science, vol 2248. Springer, Berlin, Heidelberg

Abstract

In this paper we formalize the notion of a ring signature, which makes it possible to specify a set of possible signers without revealing which member actually produced the signature. Unlike group signatures, ring signatures have no group managers, no setup procedures, no revocation procedures, and no coordination: any user can choose any set of possible signers that includes himself, and sign any message by using his secret key and the others’ public keys, without getting their approval or assistance. Ring signatures provide an elegant way to leak authoritative secrets in an anonymous way, to sign casual email in a way which can only be verified by its intended recipient, and to solve other problems in multiparty computations. The main contribution of this paper is a new construction of such signatures which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption.

Keywords

signature scheme; ring signature scheme; signer-ambiguous signature scheme; group signature scheme; designated verifier signature scheme

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Ronald L. Rivest (1)
  • Adi Shamir (2)
  • Yael Tauman (2)

  1. Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge
  2. Computer Science department, The Weizmann Institute, Rehovot, Israel
