On the Security Models of (Threshold) Ring Signature Schemes

We make fine-grained distinctions on the security models for provably secure ring signature schemes. Currently there are two commonly used security models which are specified by Rivest et al. [1] and Abe et al. [1]. They offer different levels of security. In this paper, we introduce a new but compatible model whose security level can be considered to be lying in between these two commonly used models. It is important to make fine-grained distinctions on the security models because some schemes may be secure in some of the models but not in the others. In particular, we show that the bilinear map based ring signature scheme of Boneh et al. [4], which have been proven secure in the weakest model (the one specified by Rivest et al. [15]), is actually insecure in stronger models (the new model specified by us in this paper and the one specified by Abe et al. [1]). We also propose a secure modification of their scheme for each of the two stronger models. In addition, we propose a threshold ring signature scheme using bilinear maps and show its security against adaptive adversaries in the strongest model defined in this paper. Throughout the paper, we carry out all of the security analyses under the random oracle assumption.

[1]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[2]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[3]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[4]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[5]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[6]  Aggelos Kiayias,et al.  Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[7]  Hugo Krawczyk,et al.  Advances in Cryptology - CRYPTO '98 , 1998 .

[8]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[9]  Joseph K. Liu,et al.  A Separable Threshold Ring Signature Scheme , 2003, ICISC.

[10]  Kwangjo Kim,et al.  ID-Based Blind Signature and Ring Signature from Pairings , 2002, ASIACRYPT.

[11]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[12]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[13]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[14]  Jongin Lim,et al.  Information Security and Cryptology - ICISC 2003 , 2003, Lecture Notes in Computer Science.

[15]  Jacques Stern,et al.  Threshold Ring Signatures and Applications to Ad-hoc Groups , 2002, CRYPTO.

[16]  Joseph K. Liu,et al.  On the RS-Code Construction of Ring Signature Schemes and a Threshold Setting of RST , 2003, ICICS.

[17]  Information Security and Privacy , 1996, Lecture Notes in Computer Science.

[18]  Duncan S. Wong,et al.  Linkable and Anonymous Signature for Ad Hoc Groups , 2004 .

[19]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[20]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[21]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[22]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[23]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[24]  Kazuo Ohta,et al.  On Concrete Security Treatment of Signatures Derived from Identification , 1998, CRYPTO.

[25]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[26]  Masayuki Abe,et al.  1-out-of-n Signatures from a Variety of Keys , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[27]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[28]  Yvo Desmedt,et al.  Advances in Cryptology — CRYPTO ’94 , 2001, Lecture Notes in Computer Science.