A ring signature can be performed by anyone in a group of users who holds a signing key, and the signature of a message reveals nothing about the signer’s identity except the fact that they are a ring member. Currently, the size of most ring signatures depends on the number of ring members, but for realistic applications with a large number of ring members, this will lead to higher communication overheads. To reduce the signature size, in this paper, a new transparent compact ring signature scheme is constructed. We use homomorphic encryption and constrained signatures to improve the efficiency of the signature scheme when the ring size is large, thereby achieving “fully compact” signatures whose size is O(1), i.e., constant in the number of ring members. Not only does the scheme guarantee the privacy of the signer’s identity with less communication overhead, but it also provides stronger security under the RO model, including unforgeability and anonymity, under the assumption of the quantum hardness of the standard SIS problem. Furthermore, to the best of our knowledge, our scheme is the first compact post-quantum ring signature scheme that has transparent setup, requiring only public randomness (and not any trusted entity).

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A Framework for Fully Compact Transparent Ring Signature on Lattice and Its Instantiation

  • Weiping Ji,
  • Siu-Ming Yiu,
  • Zichen Li,
  • Yanmin Zhao

摘要

A ring signature can be performed by anyone in a group of users who holds a signing key, and the signature of a message reveals nothing about the signer’s identity except the fact that they are a ring member. Currently, the size of most ring signatures depends on the number of ring members, but for realistic applications with a large number of ring members, this will lead to higher communication overheads. To reduce the signature size, in this paper, a new transparent compact ring signature scheme is constructed. We use homomorphic encryption and constrained signatures to improve the efficiency of the signature scheme when the ring size is large, thereby achieving “fully compact” signatures whose size is O(1), i.e., constant in the number of ring members. Not only does the scheme guarantee the privacy of the signer’s identity with less communication overhead, but it also provides stronger security under the RO model, including unforgeability and anonymity, under the assumption of the quantum hardness of the standard SIS problem. Furthermore, to the best of our knowledge, our scheme is the first compact post-quantum ring signature scheme that has transparent setup, requiring only public randomness (and not any trusted entity).