Constant Size Traceable Ring Signature Scheme without Random Oracles

Ring signature is a useful cryptographic primitive for many anonymous applications, which makes a signer sign any message anonymously. Namely ring signature allows that ring member signs any message without revealing his/her specific identity. Also, compared with group signature, ring signature provides more flexibility: no group manager, no group setup, and the dynamics of group (ring) update. However, ring signature may make the irresponsible signers abuse their signing rights if there are no measures of keeping them from abusing signing rights. Thus, practical ring signature must be able to trace or reveal the identity of the signer by the signature when the result of the signature needs to be arbitrated. Traceable ring signature is a ring signature that restricts abusing anonymity. Traceable ring signature has a tag that consists of a list of ring members and an event that refers to. In this model, if a ring member generates two linkable ring signatures in the same event, the identity of the ring member is immediately revealed. Currently several traceable (or linkable) identity-based ring signature schemes have been proposed. However, most of them are constructed in the random oracle model. In this paper, we present a fully traceable ring signature (TRS) scheme without random oracles, which has the constant size signature and a security reduction to the computational Diffie-Hellman (CDH) assumption. Also, we give a formal security model for traceable ring signature and prove that the proposed scheme has the properties of traceability and anonymity.