On the Definitions of Anonymity for Ring Signatures

This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe certain relation does not seem hold unlike the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.

[1]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2006, Essays in Memory of Shimon Even.

[2]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[3]  Victor K.-W. Wei,et al.  Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation , 2005, ISPEC.

[4]  Siu-Ming Yiu,et al.  Efficient Identity Based Ring Signature , 2005, ACNS.

[5]  Aggelos Kiayias,et al.  Group Signatures: Provable Security, Efficient Constructions and Anonymity from Trapdoor-Holders , 2004, IACR Cryptol. ePrint Arch..

[6]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[7]  Jacques Stern,et al.  Threshold Ring Signatures and Applications to Ad-hoc Groups , 2002, CRYPTO.

[8]  Masayuki Abe,et al.  1-out-of-n Signatures from a Variety of Keys , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[9]  Mihir Bellare,et al.  Relations among Notions of Security for Public-Key Encryption Schemes , 1998, IACR Cryptol. ePrint Arch..

[10]  Ronald Cramer,et al.  Design and Analysis of Practical Public-Key Encryption Schemes Secure against Adaptive Chosen Ciphertext Attack , 2003, SIAM J. Comput..

[11]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[12]  Siu-Ming Yiu,et al.  Identity Based Threshold Ring Signature , 2004, IACR Cryptol. ePrint Arch..

[13]  Joseph K. Liu,et al.  Separable Linkable Threshold Ring Signatures , 2004, INDOCRYPT.

[14]  Kwangjo Kim,et al.  ID-Based Blind Signature and Ring Signature from Pairings , 2002, ASIACRYPT.

[15]  Mihir Bellare,et al.  Foundations of Group Signatures: The Case of Dynamic Groups , 2005, CT-RSA.

[16]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[17]  Masayuki Abe,et al.  Efficient threshold signer ambiguous signatures from variety of keys , 2004 .

[18]  Mihir Bellare,et al.  A concrete security treatment of symmetric encryption , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[19]  Willy Susilo,et al.  Short Linkable Ring Signatures Revisited , 2006, EuroPKI.

[20]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.