Paper 2022/1265

Universal Ring Signatures in the Standard Model

Pedro Branco, Johns Hopkins University
Nico Döttling, Helmholtz Center for Information Security (CISPA)
Stella Wohnig, Helmholtz Center for Information Security (CISPA) and Universität des Saarlandes
Abstract

Ring signatures allow a user to sign messages on behalf of an ad hoc set of users - a ring - while hiding her identity. The original motivation for ring signatures was whistleblowing [Rivest et al. ASIACRYPT'01]: a high government employee can anonymously leak sensitive information while certifying that it comes from a reliable source, namely by signing the leak. However, essentially all known ring signature schemes require the members of the ring to publish a structured verification key that is compatible with the scheme. This creates somewhat of a paradox since, if a user does not want to be framed for whistleblowing, they will stay clear of signature schemes that support ring signatures. In this work, we formalize the concept of universal ring signatures (URS). A URS enables a user to issue a ring signature with respect to a ring of users, independently of the signature schemes they are using. In particular, none of the verification keys in the ring need to come from the same scheme. Thus, in principle, URS presents an effective solution for whistleblowing. The main goal of this work is to study the feasibility of URS, especially in the standard model (i.e. no random oracles or common reference strings). We present several constructions of URS, offering different trade-offs between assumptions required, the level of security achieved, and the size of signatures: * Our first construction is based on superpolynomial hardness assumptions of standard primitives. It achieves compact signatures. That means the size of a signature depends only logarithmically on the size of the ring and on the number of signature schemes involved. * We then proceed to study the feasibility of constructing URS from standard polynomially-hard assumptions only. We construct a non-compact URS from witness encryption and additional standard assumptions. * Finally, we show how to modify the non-compact construction into a compact one by relying on indistinguishability obfuscation.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published by the IACR in ASIACRYPT 2022
Keywords
Ring signatures
Contact author(s)
pedrodemelobranco @ gmail com
nico doettling @ gmail com
stella wohnig @ cispa saarland
History
2022-09-26: approved
2022-09-23: received
See all versions
Short URL
https://ia.cr/2022/1265
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2022/1265,
      author = {Pedro Branco and Nico Döttling and Stella Wohnig},
      title = {Universal Ring Signatures in the Standard Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1265},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1265}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.