Meng-Jun Qin, Yun-Lei Zhao*, Member, CCF, Zhou-Jun Ma
Shanghai Key Laboratory of Data Science, School of Computer Science, Fudan University, Shanghai 201203, China; State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710126, China; State Key Laboratory of Cryptology, State Cryptology Administration, Beijing 100878, China
Abstract: Bitcoin has been popular for almost ten years as a "secure and anonymous digital currency", but several recent studies show that it provides only pseudonymity rather than real anonymity, and privacy has been one of the main concerns in systems similar to Bitcoin. Ring signatures are a good method for users who need better anonymity in cryptocurrency. The ring signature was first proposed by Rivest et al. based upon the discrete logarithm problem (DLP) assumption in 2006; it allows a user to sign a message anonymously on behalf of a group of users, even without their coordination. The size of a ring signature is one of its dominating parameters, and a constant-size ring signature (where the signature size is independent of the ring size) is highly desirable. Otherwise, when the ring size is large, the resulting ring signature becomes unbearable for power-limited devices or leads to a heavy burden on the communication network. Though extensively studied, there are currently only two approaches to constant-size ring signatures. Achieving a practical constant-size ring signature has been a long-standing open problem since the primitive was introduced. In this work, we solve this open problem. We present a new constant-size ring signature scheme based on bilinear pairings and accumulators, which is provably secure in the random oracle (RO) model. To the best of our knowledge, it is the most practical ring signature scheme to date.
This work is supported in part by the National Key Research and Development Program of China under Grant No. 2017YFB0802000, the National Natural Science Foundation of China under Grant Nos. 61472084 and U1536205, the Shanghai Innovation Action Project under Grant No. 16DZ1100200, the Shanghai Science and Technology Development Funds under Grant No. 6JC1400801, and the Shandong Provincial Key Research and Development Program of China under Grant No. 2017CXG0701.
About author: Meng-Jun Qin received his B.S. degree in computer science from Donghua University, Shanghai, in 2016. He is currently pursuing his M.S. degree in computer science at Fudan University, Shanghai. His research interests include blockchain, consensus algorithms and ring signatures.
Cite this article:
Meng-Jun Qin, Yun-Lei Zhao, Zhou-Jun Ma. Practical Constant-Size Ring Signature[J]. Journal of Computer Science and Technology, 2018, V33(3): 533-541
Satoshi N. Bitcoin: A peer-to-peer electronic cash system. 2008. https://bitcoin.org/bitcoin.pdf, Mar. 2018.
Möser M. Anonymity of bitcoin transactions. In Proc. Münster Bitcoin Conf., July 2013, pp.17-18.
Ron D, Shamir A. Quantitative analysis of the full bitcoin transaction graph. In Proc. the 17th Int. Conf. Financial Cryptography and Data Security, April 2013, pp.6-24.
Androulaki E, Karame G O, Roeschlin M, Scherer T, Capkun S. Evaluating user privacy in bitcoin. In Proc. the 17th Int. Conf. Financial Cryptography and Data Security, April 2013, pp.34-51.
Rivest R L, Shamir A, Tauman Y. How to leak a secret: Theory and applications of ring signatures. In Theoretical Computer Science, Goldreich O, Rosenberg A L, Selman A L (eds.), Springer, 2006, pp.164-186.
Chaum D, van Heyst E. Group signatures. In Proc. Workshop on the Theory and Appl. Cryptographic Techniques, April 1991, pp.257-265.
van Saberhagen N. Cryptonote v 2.0, 2013. https://cryptonote.org/whitepaper.pdf, Mar. 2018.
Noether S, Mackenzie A, The Monero Research Lab. Ring confidential transactions. Ledger, 2016, 1:1-18.
Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 1996, pp.143-154.
Chow S S M, Liu J K, Wong D S. Robust receipt-free election system with ballot secrecy and verifiability. In Proc. Network and Distributed System Security Symp., Feb. 2008.
Dodis Y, Kiayias A, Nicolosi A, Shoup V. Anonymous identification in ad hoc groups. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 2004, pp.609-626.
Naor M. Deniable ring authentication. In Proc. the 22nd Annu. Int. Cryptology Conf., August 2002, pp.481-498.
Abe M, Ohkubo M, Suzuki K. 1-out-of-n signatures from a variety of keys. In Proc. the 8th Int. Conf. Theory and Appl. Cryptology and Information Security, December 2002, pp.415-432.
Liu J K, Wei V K, Wong D S. Linkable spontaneous anonymous group signature for ad hoc groups. In Proc. the 9th Australasian Conf. Information Security and Privacy, July 2004, pp.325-335.
Boneh D, Gentry C, Lynn B, Shacham H. Aggregate and verifiably encrypted signatures from bilinear maps. In Proc. Int. Conf. Theory and Appl. Cryptographic Techniques, May 2003, pp.416-432.
Bender A, Katz J, Morselli R. Ring signatures: Stronger definitions, and constructions without random oracles. In Proc. the 3rd Theory of Cryptography Conf., March 2006, pp.60-79.
Chandran N, Groth J, Sahai A. Ring signatures of sublinear size without random oracles. In Proc. the 34th Int. Colloquium on Automata Languages and Programming, July 2007, pp.423-434.
Yuen T H, Liu J K, Au M H, Susilo W, Zhou J Y. Efficient linkable and/or threshold ring signature without random oracles. The Computer Journal, 2013, 56(4):407-421.
Ghadafi E M. Sub-linear blind ring signatures without random oracles. In Proc. the 14th IMA Int. Conf. Cryptography and Coding, December 2013, pp.304-323.
Fuchsbauer G. Automorphic signatures in bilinear groups and an application to round-optimal blind signatures. IACR Cryptology ePrint Archive Report 2009/320, 2009. https://eprint.iacr.org/2009/320.pdf, Mar. 2018.
Bose P, Das D, Rangan C P. Constant size ring signature without random oracle. In Proc. the 20th Australasian Conf. Information Security and Privacy, July 2015, pp.230-247.
Galbraith S D, Paterson K G, Smart N P. Pairings for cryptographers. Discrete Applied Mathematics, 2008, 156(16):3113-3121.
Nguyen L. Accumulators from bilinear pairings and applications. In Proc. Cryptographers' Track at the RSA Conference, February 2005, pp.275-292.
Ben-Sasson E, Chiesa A, Garman C, Green M, Miers I, Tromer E, Virza M. Zerocash: Decentralized anonymous payments from bitcoin. In Proc. IEEE Symp. Security and Privacy (SP), May 2014, pp.459-474.
Bellare M, Neven G. Multi-signatures in the plain public-key model and a general forking lemma. In Proc. the 13th ACM Conf. Computer and Communications Security, October 30-November 3, 2006, pp.390-399.
Goldwasser S, Micali S, Rackoff C. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 1989, 18(1):186-208.
Bleichenbacher D, Maurer U. On the efficiency of one-time digital signatures. In Proc. Int. Conf. Theory and Appl. Cryptology and Information Security, November 1996, pp.145-158.
Perrig A. The BiBa one-time signature and broadcast authentication protocol. In Proc. the 8th ACM Conf. Computer and Communications Security, November 2001, pp.28-37.