Deniable Ring Authentication Revisited

Ring signatures allow a signer in an ad-hoc group to authenticate a message on behalf of the group without revealing which member actually produced the signature [8]. Recently, this notion has been extended by Naor by introducing Deniable Ring Authentication: it is possible to convince a verifier that a member of an ad-hoc subset of participants is authenticating a message without revealing which member has issued the signature, and the verifier V cannot convince any third party that message m was indeed authenticated. Unfortunately, the scheme proposed in [7] requires an interactive protocol, which requires an assumption that an anonymous routing channel (eg. MIX-net) exists. Having this restriction, the primitive cannot be used in practice without the existence of the anonymous routing channel. In this paper, we introduce a non-interactive version of deniable ring authentication. This work proposes a deniable ring authentication without any interactive protocol required (cf. [7]). We present a generic construction that can convert any existing ring signature schemes to deniable ring authentication schemes. Our generic construction combines any ring signature scheme with an ID-based chameleon hash function. We also present three ID-based chameleon hash functions and show that our schemes outperform the construction proposed in [2].

[1]  Giuseppe Ateniese,et al.  Identity-Based Chameleon Hash and Applications , 2004, Financial Cryptography.

[2]  Masayuki Abe,et al.  1-out-of-n Signatures from a Variety of Keys , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[3]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[4]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[5]  Jongin Lim,et al.  Information Security and Cryptology - ICISC 2003 , 2003, Lecture Notes in Computer Science.

[6]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[7]  Moni Naor,et al.  Concurrent zero-knowledge , 1998, STOC '98.

[8]  Rosario Gennaro,et al.  Paillier's cryptosystem revisited , 2001, CCS '01.

[9]  Yi Mu,et al.  Non-interactive Deniable Ring Authentication , 2003, ICISC.

[10]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[11]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[12]  Moni Naor,et al.  Deniable Ring Authentication , 2002, CRYPTO.

[13]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.