Cryptology ePrint Archive: Report 2004/281

Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation

Patrick P. Tsang and Victor K. Wei

Abstract: A ring signature scheme can be viewed as a group signature scheme with no anonymity revocation and with simple group setup. A \emph{linkable} ring signature (LRS) scheme additionally allows anyone to determine if two ring signatures have been signed by the same group member. Recently, Dodis et al. \cite{DKNS04} gave a short (constant-sized) ring signature scheme. We extend it to the first short LRS scheme, and reduce its security to a new hardness assumption, the Link Decisional RSA (LD-RSA) Assumption. We also extend \cite{DKNS04}'s other schemes to a generic LRS scheme and a generic linkable group signature scheme. We discuss three applications of our schemes. Kiayias and Yung \cite{KY04} constructed the first e-voting scheme which simultaneously achieves efficient tallying, public verifiability, and write-in capability for a typical voter distribution under which only a small portion writes in. We construct an e-voting scheme based on our short LRS scheme which achieves the same even for all worst-case voter distribution. Direct Anonymous Attestation (DAA) \cite{BCC04} is essentially a ring signature scheme with certain linking properties that can be naturally implemented using LRS schemes. The construction of an offline anonymous e-cash scheme using LRS schemes is also discussed.

Category / Keywords: public-key cryptography / linkable ring signatures, e-voting, e-cash, attestation

Publication Info: An extended abstract of this paper was in ISPEC 2005.

Date: received 30 Oct 2004, last revised 14 Feb 2005

Contact author: pktsang3 at ie cuhk edu hk

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20050214:165025 (All versions of this report)

Short URL: ia.cr/2004/281

Discussion forum: Show discussion | Start new discussion