A CDH-Based Ring Signature Scheme with Short Signatures and Public Keys

In this work we present a new CDH-based ring signature scheme with some striking advantages. On the one hand it is secure without random oracles, perfectly anonymous, and unforgeable solely under the CDH assumption in bilinear groups. This makes the security of our ring signature schemes rely on weaker (and less) assumptions than all previous (full) ring signature schemes secure without random oracles. On the other hand the scheme is very space efficient; a public key consists of just a single group element and a ring signature accounts for only n+1 group elements, where n is the size of the ring. This is only about half the number of components when compared to other ring signature schemes that do not exploit ring re-use. As all computations are in groups of prime order, we do not need a trusted setup procedure. All these features do not come for free. The main drawback of our scheme is that it only provides security against chosen subring attacks where the attacker is not allowed to query private keys.

[1]  Robin Milner,et al.  On Observing Nondeterminism and Concurrency , 1980, ICALP.

[2]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[3]  David Chaum,et al.  Group Signatures , 1991, EUROCRYPT.

[4]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[5]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[6]  Ran Canetti,et al.  The random oracle methodology, revisited , 2000, JACM.

[7]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[8]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[9]  Colin Boyd,et al.  Advances in Cryptology - ASIACRYPT 2001 , 2001 .

[10]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[11]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[12]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[13]  Dan Boneh,et al.  A Secure Signature Scheme from Bilinear Maps , 2003, CT-RSA.

[14]  Marc Joye,et al.  Topics in Cryptology — CT-RSA 2003 , 2003 .

[15]  Ivan Visconti,et al.  An Efficient and Usable Multi-show Non-transferable Anonymous Credential System , 2004, Financial Cryptography.

[16]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[17]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[18]  Jan Camenisch,et al.  Signature Schemes and Anonymous Credentials from Bilinear Maps , 2004, CRYPTO.

[19]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[20]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[21]  Aggelos Kiayias,et al.  Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[22]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[23]  Dan Boneh,et al.  Evaluating 2-DNF Formulas on Ciphertexts , 2005, TCC.

[24]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[25]  Yi Mu,et al.  Constant-Size Dynamic k-TAA , 2006, SCN.

[26]  Qiong Huang,et al.  Generic Transformation to Strongly Unforgeable Signatures , 2007, ACNS.

[27]  Serge Vaudenay,et al.  Advances in Cryptology - EUROCRYPT 2006 , 2006, Lecture Notes in Computer Science.

[28]  Mihir Bellare,et al.  The Security of Triple Encryption and a Framework for Code-Based Game-Playing Proofs , 2006, EUROCRYPT.

[29]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[30]  Tsz Hon Yuen,et al.  Ring signatures without random oracles , 2006, ASIACCS '06.

[31]  Tatsuaki Okamoto,et al.  Efficient Blind and Partially Blind Signatures Without Random Oracles , 2006, IACR Cryptol. ePrint Arch..

[32]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2006, Journal of Cryptology.

[33]  Tatsuaki Okamoto,et al.  Public Key Cryptography - PKC 2007, 10th International Conference on Practice and Theory in Public-Key Cryptography, Beijing, China, April 16-20, 2007, Proceedings , 2007, Public Key Cryptography.

[34]  Moni Naor Advances in Cryptology - EUROCRYPT 2007, 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Barcelona, Spain, May 20-24, 2007, Proceedings , 2007, EUROCRYPT.

[35]  Amit Sahai,et al.  Ring Signatures of Sub-linear Size Without Random Oracles , 2007, ICALP.

[36]  Hovav Shacham,et al.  Efficient Ring Signatures Without Random Oracles , 2007, Public Key Cryptography.

[37]  Xavier Boyen,et al.  Mesh Signatures , 2007, EUROCRYPT.

[38]  Eike Kiltz,et al.  Programmable Hash Functions and Their Applications , 2008, CRYPTO.

[39]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[40]  Jean-Sébastien Coron,et al.  The Random Oracle Model and the Ideal Cipher Model Are Equivalent , 2008, CRYPTO.