Ring signatures allow a signer to sign a message for a set of signers, called a ring, ensuring that the message is signed by one of the signers in the ring, while not revealing which one actually signed it. Constructing ring signature schemes that are tightly secure and achieve signature sizes that grow logarithmically with respect to the ring size remains a fundamental theoretical challenge. To our knowledge, three prior works by Libert et al. (ESORICS 2018), Tang (ICICS 2021), and Hara and Tanaka (Theor. Comput. Sci. 2021) proposed tightly secure ring signature schemes with logarithmic signature size. However, these schemes rely on the hardness of decisional problems. In this paper, we propose a new tightly secure and logarithmic-size ring signature scheme. Our scheme is secure under the discrete logarithm (DL) problem over pairing-free groups in the non-programmable random oracle model (NPROM). Our construction is based on the \(\varSigma \) -protocol of Groth and Kohlweiss (EUROCRYPT 2015), instantiated with our modified Pedersen commitment scheme. Then, we derive our ring signature scheme by applying the randomized Fischlin transformation by Kondi and Shelat (ASIACRYPT 2022) to the above \(\varSigma \) -protocol. The security analysis is obtained by modifying the analysis of the randomized Fischlin transformation by Hashimoto et al. (ePrint Arch. 2024).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Logarithmic-Size Ring Signatures with Tight Security from the DL Assumption

  • Keisuke Hara,
  • Masayuki Tezuka

摘要

Ring signatures allow a signer to sign a message for a set of signers, called a ring, ensuring that the message is signed by one of the signers in the ring, while not revealing which one actually signed it. Constructing ring signature schemes that are tightly secure and achieve signature sizes that grow logarithmically with respect to the ring size remains a fundamental theoretical challenge. To our knowledge, three prior works by Libert et al. (ESORICS 2018), Tang (ICICS 2021), and Hara and Tanaka (Theor. Comput. Sci. 2021) proposed tightly secure ring signature schemes with logarithmic signature size. However, these schemes rely on the hardness of decisional problems. In this paper, we propose a new tightly secure and logarithmic-size ring signature scheme. Our scheme is secure under the discrete logarithm (DL) problem over pairing-free groups in the non-programmable random oracle model (NPROM). Our construction is based on the \(\varSigma \) -protocol of Groth and Kohlweiss (EUROCRYPT 2015), instantiated with our modified Pedersen commitment scheme. Then, we derive our ring signature scheme by applying the randomized Fischlin transformation by Kondi and Shelat (ASIACRYPT 2022) to the above \(\varSigma \) -protocol. The security analysis is obtained by modifying the analysis of the randomized Fischlin transformation by Hashimoto et al. (ePrint Arch. 2024).