DualRing: Generic Construction of Ring Signatures with Efficient Instantiations

We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from classical ring signatures in that it forms two rings: a ring of commitments and a ring of challenges. It is structurally different from the common ring signature approaches based on accumulators or zero-knowledge proofs of the signer index. Comparatively, DualRing has a number of unique advantages. In the DL-based setting, using the Schnorr identification scheme, our DualRing structure allows the signature to be compressed to logarithmic size via an argument of knowledge system such as Bulletproofs. We further improve on the Bulletproofs argument system to eliminate about half of the computation while maintaining the same proof size. We call this the Sum Argument, and it can be of independent interest. This DL-based construction, named DualRing-EC, which uses Schnorr identification with the Sum Argument, has the shortest ring signature size in the literature without using a trusted setup. In the lattice-based setting, we instantiate DualRing with a canonical identification scheme based on M-LWE and M-SIS. In practice, we achieve the shortest lattice-based ring signature, named DualRing-LB, when the ring size is between 4 and 2000. DualRing-LB is also 5× faster in signing and verification than the fastest lattice-based scheme by Esgin et al. (CRYPTO’19).
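The two-ring structure described above, sketched for the DL-based setting with Schnorr identification. This is an added example, not code from the paper or its authors: it leaves out the Sum Argument compression (so the signature is linear in the ring size), and the group parameters, hash encoding and function names are assumptions chosen for illustration, with a group far too small for real use.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (insecure size): P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def challenge(msg, ring, R):
    # Hash of message, ring of public keys and the combined commitment (assumed encoding).
    data = repr((msg, tuple(ring), R)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def commitment(ring, cs, z):
    # Ring of commitments: R = g^z * prod(pk_i^c_i) mod P.
    R = pow(G, z, P)
    for pk, c in zip(ring, cs):
        R = R * pow(pk, c, P) % P
    return R

def sign(msg, ring, j, sk):
    r = secrets.randbelow(Q)
    cs = [secrets.randbelow(Q) for _ in ring]  # simulated challenges for non-signers
    cs[j] = 0                                  # signer's slot is filled after hashing
    R = commitment(ring, cs, r)
    c = challenge(msg, ring, R)
    cs[j] = (c - sum(cs)) % Q                  # ring of challenges: all c_i sum to c
    z = (r - cs[j] * sk) % Q                   # Schnorr response for the real key
    return cs, z

def verify(msg, ring, sig):
    cs, z = sig
    if len(cs) != len(ring) or not 0 <= z < Q:
        return False
    if not all(0 <= c < Q for c in cs):
        return False
    R = commitment(ring, cs, z)
    return sum(cs) % Q == challenge(msg, ring, R)

if __name__ == "__main__":
    keys = [keygen() for _ in range(4)]
    ring = [pk for _, pk in keys]
    sig = sign(b"hello", ring, 2, keys[2][0])
    print("valid:", verify(b"hello", ring, sig))
```

The verifier never learns the index `j`: every challenge in `cs` is uniformly distributed, and only their sum is tied to the hash.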
