A suite of non-pairing ID-based threshold ring signature schemes with different levels of anonymity (extended abstract)

Since the introduction of Identity-based (ID-based) cryptography by Shamir in 1984, numerous ID-based signature schemes have been proposed. In 2001, Rivest et al. introduced ring signature that provides irrevocable signer anonymity and spontaneous group formation. In recent years, ID-based ring signature schemes have been proposed and almost all of them are based on bilinear pairings. In this paper, we propose the first ID-based threshold ring signature scheme that is not based on bilinear pairings. We also propose the first ID-based threshold ‘linkable’ ring signature scheme. We emphasize that the anonymity of the actual signers is maintained even against the private key generator (PKG) of the ID-based system. Finally we show how to add identity escrow to the two schemes. Due to the different levels of signer anonymity they support, the schemes proposed in this paper actually form a suite of ID-based threshold ring signature schemes which is applicable to many real-world applications with varied anonymity requirements

A kk-out-of-nn Ring Signature with Flexible Participation for Signers

A $k$-out-of-$n$ ring signature is a kind of anonymous signature that can be performed by any member in a group. This signature allows the creation of valid signatures if and only if actual signers more than or equal to $k$ sign the message among $n$ possible signers. In this paper, we present a new $k$-out-of-$n$ ring signature. Our signature has a remarkable property: When the signature is updated from $k$-out-of-$n$ to $(k+\alpha)$-out-of-$n$, the previous signers do not need to sign a message again. Our scheme can ``reuse\u27\u27 the old signature, whereas the previous schemes revoke it and create a signature from scratch. We call this property ``{{flexibility}}\u27\u27 and formalize it rigorously. Our signature scheme has a multiple ring structure, each ring of which is based on $1$-out-of-$n$ ring signature. The structure of our scheme is completely different from that of conventional schemes, such as a secret-sharing type. The signers\u27 keys are mostly independent of each user, thanks to a part of keys which use a special hash function. We give the results of provable security for our scheme

Raptor: A Practical Lattice-Based (Linkable) Ring Signature

We present Raptor, the first practical lattice-based (linkable) ring signature scheme with implementation. Raptor is as fast as classical solutions; while the size of the signature is roughly $1.3$ KB per user. Prior to our work, all existing lattice-based solutions are analogues of their discrete-log or pairing-based counterparts. We develop a generic construction of (linkable) ring signatures based on the well-known generic construction from Rivest et al., which is not fully compatible with lattices. We show that our generic construction is provably secure in random oracle model. We also give instantiations from both standard lattice, as a proof of concept, and NTRU lattice, as an efficient instantiation. We showed that the latter construction, called Raptor, is almost as efficient as the classical RST ring signatures and thus may be of practical interest