We revisit accountable ring signatures and offer a formal security model for the primitive. Our model offers strong security definitions incorporating protection against maliciously chosen keys and at the same time flexibility both in the choice of the ring and the opener. We give a generic construction using standard tools.
We give a highly efficient instantiation of our generic construction in the random oracle model by meticulously combining Camenisch's group signature scheme (CRYPTO 1997) with a generalization of the one-out-of-many proofs of knowledge by Groth and Kohlweiss (EUROCRYPT 2015). Our instantiation yields signatures of logarithmic size (in the size of the ring) while relying solely on the well-studied decisional Diffie-Hellman assumption. In the process, we offer a number of optimizations for the recent Groth and Kohlweiss one-out-of-many proofs, which may be useful for other applications.
Accountable ring signatures imply traditional ring and group signatures. We therefore also obtain highly efficient instantiations of those primitives with signatures shorter than all existing ring signatures as well as existing group signatures relying on standard assumptions.
Category / Keywords: cryptographic protocols / Accountable ring signatures, group signatures, one-out-of-many zero-knowledge proofs Original Publication (with major differences): ESORICS 2015 Date: received 29 Jun 2015 Contact author: e ghadafi at ucl ac uk Available format(s): PDF | BibTeX Citation Note: Full version of the paper to appear at ESORICS 2015 Version: 20150630:200838 (All versions of this report) Short URL: ia.cr/2015/643 Discussion forum: Show discussion | Start new discussion