RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero

In this work, we first study the necessary properties and security requirements of the Ring Confidential Transaction (RingCT) protocol deployed in the popular anonymous cryptocurrency Monero. We formalize the syntax of the RingCT protocol and present several formal security definitions that follow from its use in Monero. Based on our observations on the underlying (linkable) ring signature and commitment schemes, we then put forward a new, more efficient RingCT protocol (RingCT 2.0), built upon the well-known Pedersen commitment, an accumulator with one-way domain, and a signature of knowledge, which together perform the functions of a linkable ring signature. We also show that it satisfies the security requirements provided the underlying building blocks are secure in the random oracle model. Compared with the original RingCT protocol, RingCT 2.0 gives a significant space saving: the transaction size is independent of the number of groups of input accounts included in the generalized ring, whereas the original RingCT grows linearly with the number of groups. This would allow each block to process more transactions.
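The Pedersen commitment building block named above, as an added illustration that is not code from the paper: amount commitments are homomorphic, so the product of the input commitments divided by the product of the output commitments is a commitment to zero exactly when the amounts balance, and knowing its blinding factor is what lets the spender sign with that commitment-to-zero key. The group parameters, generators, amounts and blinding factors below are constructed toy values (Monero uses the Ed25519 group); `commit`, `balance_residual`, `amounts_balance` and `demo` are names chosen here.

```python
"""Pedersen commitment balance check of the kind RingCT relies on.

Toy Schnorr group, constructed for illustration only (Monero uses Ed25519).
"""
import secrets

Q = 1019          # prime order of the subgroup
P = 2 * Q + 1     # 2039 is prime, so the quadratic residues mod P form a group of order Q
G = 4             # generator of the order-Q subgroup (a quadratic residue other than 1)
H = 9             # second generator; log_G(H) is assumed unknown (toy assumption)


def commit(amount: int, blinding: int) -> int:
    """C = G^amount * H^blinding mod P: hiding via the blinding factor,
    binding as long as log_G(H) is unknown."""
    return (pow(G, amount % Q, P) * pow(H, blinding % Q, P)) % P


def random_blinding() -> int:
    """Fresh blinding factor for a new output."""
    return secrets.randbelow(Q)


def balance_residual(in_commits, out_commits) -> int:
    """Product of input commitments divided by product of output commitments.
    If the amounts balance, the G part cancels and this equals
    H^(sum r_in - sum r_out), i.e. a commitment to zero."""
    prod_in, prod_out = 1, 1
    for c in in_commits:
        prod_in = prod_in * c % P
    for c in out_commits:
        prod_out = prod_out * c % P
    return prod_in * pow(prod_out, -1, P) % P


def amounts_balance(in_commits, out_commits, in_blind, out_blind) -> bool:
    """Spender-side check: the residual must equal H^z with
    z = sum(in_blind) - sum(out_blind); z is the secret key of the
    commitment-to-zero. A verifier only ever sees the residual."""
    z = (sum(in_blind) - sum(out_blind)) % Q
    return balance_residual(in_commits, out_commits) == pow(H, z, P)


def demo() -> tuple:
    """Constructed example: inputs 5+7 against outputs 4+8 (balanced) and 4+9 (overspend)."""
    in_r, out_r = [11, 22], [13, 20]
    ins = [commit(a, r) for a, r in zip([5, 7], in_r)]
    good_out = [commit(a, r) for a, r in zip([4, 8], out_r)]
    bad_out = [commit(a, r) for a, r in zip([4, 9], out_r)]
    return (amounts_balance(ins, good_out, in_r, out_r),
            amounts_balance(ins, bad_out, in_r, out_r))
```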
