Short Accountable Ring Signatures Based on DDH

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Authors

  • Jonathan Bootle
  • Andrea Cerulli
  • Pyrros Chaidos
  • Essam Ghadafi
  • Jens Groth

Colleges, School and Institutes

External organisations

  • University College London

Abstract

Ring signatures and group signatures are prominent cryptographic primitives offering a combination of privacy and authentication. They enable individual users to anonymously sign messages on behalf of a group of users. In ring signatures, the group, i.e. the ring, is chosen in an ad hoc manner by the signer. In group signatures, group membership is controlled by a group manager. Group signatures additionally enforce accountability by providing the group manager with a secret tracing key that can be used to identify the otherwise anonymous signer when needed. Accountable ring signatures, introduced by Xu and Yung (CARDIS 2004), bridge the gap between the two notions. They provide maximal flexibility in choosing the ring, and at the same time maintain accountability by supporting a designated opener that can identify signers when needed.

We revisit accountable ring signatures and offer a formal security model for the primitive. Our model offers strong security definitions incorporating protection against maliciously chosen keys and at the same time flexibility both in the choice of the ring and the opener. We give a generic construction using standard tools. We give a highly efficient instantiation of our generic construction in the random oracle model by meticulously combining Camenisch’s group signature scheme (CRYPTO 1997) with a generalization of the one-out-of-many proofs of knowledge by Groth and Kohlweiss (EUROCRYPT 2015). Our instantiation yields signatures of logarithmic size (in the size of the ring) while relying solely on the well-studied decisional Diffie-Hellman assumption. In the process, we offer a number of optimizations for the recent Groth and Kohlweiss one-out-of-many proofs, which may be useful for other applications.

Accountable ring signatures imply traditional ring and group signatures. We therefore also obtain highly efficient instantiations of those primitives with signatures shorter than all existing ring signatures as well as existing group signatures relying on standard assumptions.

Details

Original languageEnglish
Title of host publication Computer Security - ESORICS 2015
Subtitle of host publication20th European Symposium on Research in Computer Security, Vienna, Austria, September 21-25, 2015, Proceedings, Part I
EditorsGünther Pernul, Peter Y. A. Ryan, Edgar Weippl
Publication statusPublished - 13 Jan 2016
Event20th European Symposium on Research in Computer Security, (ESORICS 2015) - Vienna, Austria
Duration: 21 Sep 201525 Sep 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume9326
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference20th European Symposium on Research in Computer Security, (ESORICS 2015)
CountryAustria
CityVienna
Period21/09/1525/09/15