RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero

  • Shi-Feng Sun
  • Man Ho Au
  • Joseph K. Liu
  • Tsz Hon Yuen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10493)

Abstract

In this work, we first study the necessary properties and security requirements of the Ring Confidential Transaction (RingCT) protocol deployed in the popular anonymous cryptocurrency Monero. We formalize the syntax of the RingCT protocol and present several formal security definitions according to its application in Monero. Based on our observations on the underlying (linkable) ring signature and commitment schemes, we then put forward a new efficient RingCT protocol (RingCT 2.0), which is built upon the well-known Pedersen commitment, an accumulator with one-way domain, and a signature of knowledge (which together perform the functions of a linkable ring signature). We also show that it satisfies the security requirements if the underlying building blocks are secure in the random oracle model. Compared with the original RingCT protocol, RingCT 2.0 offers a significant space saving: the transaction size is independent of the number of groups of input accounts included in the generalized ring, whereas the original RingCT grows linearly with the number of groups. This saving would allow each block to process more transactions.

Notes

Acknowledgement

This work is supported by National Natural Science Foundation of China (61602396, 61472083).


Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Shi-Feng Sun (1, 2)
  • Man Ho Au (1)
  • Joseph K. Liu (3)
  • Tsz Hon Yuen (4)

  1. Hong Kong Polytechnic University, Hung Hom, Hong Kong
  2. Shanghai Jiao Tong University, Shanghai, China
  3. Monash University, Melbourne, Australia
  4. Huawei, Singapore, Singapore
