Paper 2007/094

Mesh Signatures : How to Leak a Secret with Unwitting and Unwilling Participants

Xavier Boyen

Abstract

We introduce the mesh signature primitive as an anonymous signature that borrows from ring signatures, but with added modularity and a much richer language for expressing signer ambiguity. The language can represent complex access structures, and in particular allows individual signature components to be replaced with modular certificate chains. As a result, withholding one's public key from view is no longer a shield against being named as a possible cosignatory; and hence, a mesh signature may be used as a ring signature substitute with compulsory enrollment. We give an efficient construction based on bilinear maps in the common random string model. Our mesh signatures have linear size, achieve everlasting perfect anonymity, and as a special case induce the most efficient and first unconditionally anonymous ring signatures without random oracles or trusted setup authorities. We prove non-repudiation from a mild extension of the SDH assumption, which we introduce and justify meticulously.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Full version of an extended abstract to appear in EUROCRYPT 2007
Keywords
ring signaturesperfect anonymitymodularity
Contact author(s)
xb @ boyen org
History
2007-04-30: revised
2007-03-22: received
See all versions
Short URL
https://ia.cr/2007/094
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/094,
      author = {Xavier Boyen},
      title = {Mesh Signatures : How to Leak a Secret with Unwitting and Unwilling Participants},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/094},
      year = {2007},
      url = {https://eprint.iacr.org/2007/094}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.