Paper 2018/107

Towards Practical Lattice-Based One-Time Linkable Ring Signatures

Carsten Baum, Huang Lin, and Sabine Oechsner

Abstract

Ring signatures, as introduced by Rivest, Shamir, and Tauman (Asiacrypt ’01), allow to generate a signature for a message on be half of an ad-hoc set of parties. To sign a message, only the public keys must be known and these can be generated independently. It is furthermore not possible to identify the actual signer based on the signature. Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender. To be applicable in that setting, ring signatures must allow to determine when a party signed multiple transactions, which is done using a property called linkability. This work presents a linkable ring signature scheme constructed from a lattice-based collision-resistant hash function. We follow the idea of existing schemes which are secure based on the hardness of the discrete logarithm problem, but adapt and optimize ours to the lattice setting. In comparison to other designs for (lattice-based) linkable ring signatures, our approach avoids the standard solution for achieving linkability, which involves proofs about correct evaluation of a pseudorandom function using heavy zero-knowledge machinery.

Note: bugfix linkability definition

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. ICICS 2018
Keywords
lattice-based cryptographyring signature schemeanonymous cryptocurrency
Contact author(s)
oechsner @ cs au dk
History
2019-01-30: last of 3 revisions
2018-01-30: received
See all versions
Short URL
https://ia.cr/2018/107
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/107,
      author = {Carsten Baum and Huang Lin and Sabine Oechsner},
      title = {Towards Practical Lattice-Based One-Time Linkable Ring Signatures},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/107},
      year = {2018},
      url = {https://eprint.iacr.org/2018/107}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.