\`x^2+y_1+z_12^34\`
Advanced Search
Article Contents
Article Contents

Efficient traceable ring signature scheme without pairings

  • * Corresponding author: Ke Gu

    * Corresponding author: Ke Gu 

This work is supported by the National Natural Science Foundations of China (No.61402055), the Hunan Provincial Natural Science Foundation of China (No.2018JJ2445) and the Open Research Fund of Key Laboratory of Network Crime Investigation of Hunan Provincial Colleges (No.2017WLFZZC003)

Abstract Full Text(HTML) Figure(0) / Table(2) Related Papers Cited by
  • Although currently several traceable (or linkable) ring signature schemes have been proposed, most of them are constructed on pairings. In this paper, we present an efficient traceable ring signature (TRS) scheme without pairings, which is based on the modified EDL signature (first proposed by D.Chaum et al. in Crypto 92). Compared with other ring signature schemes, the proposed scheme does not employ pairing computation and has some computational advantages, whose security can be reduced to the computational Diffie-Hellman (CDH) and decisional Diffie-Hellman (DDH) assumptions in the random oracle model. Also, the proposed scheme is similar to certificateless signature scheme, where user and key generating center make interaction to generate ring key. We give a formal security model for ring signature and prove that the proposed scheme has the properties of traceability and anonymity.

    Mathematics Subject Classification: Primary: 58F15, 58F17; Secondary: 53C35.

    Citation:

    \begin{equation} \\ \end{equation}
  • 加载中
  • Table 1.  Performance comparisons of the Six Schemes

    Signature Size Signing Cost Verification Cost
    Scheme [40] $ O(n) $ $ (4\cdot n+3)\cdot e_1+2\cdot n\cdot m_1 $ $ 4\cdot n\cdot e_1+n\cdot m_1 $
    Scheme [55] $ O(n) $ $ (28\cdot n+9)\cdot m_3+(22\cdot n+14)\cdot a $ $ 28\cdot n\cdot m_3+19\cdot n\cdot a $
    Scheme [25] $ O(\sqrt{n}) $ $ (n+9)\cdot e_1+(n+2)\cdot m_1 $ $ (2\cdot n+3)\cdot e_1+2\cdot n\cdot m_1+9\cdot p $
    Scheme [26] $ O(n) $ $ (5\cdot n-1)e_1+(3\cdot n-2)\cdot m_1 $ $ 5\cdot n\cdot e_1+3\cdot n\cdot m_1 $
    Scheme [4] $ O(1) $ $ 7\cdot e_1+7\cdot m_1 $ $ 9\cdot e_1+5\cdot m_1+7\cdot e_2+8\cdot m_2+12\cdot p $
    Our Scheme $ O(1) $ $ 5\cdot e_1+(n+1)\cdot m_1 $ $ 4\cdot e_1+(n+3)\cdot m_1 $
     | Show Table
    DownLoad: CSV

    Table 2.  Other comparisons of the Six Schemes

    Cryptography Traceability Model
    Scheme [40] Public Key No random oracle
    Scheme [55] Public Key No random oracle
    Scheme [25] Public Key Yes without random oracle
    Scheme [26] Public Key Yes random oracle
    Scheme [4] Identity-Based Yes random oracle
    Our Scheme Public Key Yes random oracle
     | Show Table
    DownLoad: CSV
  • [1] M. Abe, M. Ohkubo and K. Suzuki, 1-out-of-n signatures from a variety of keys, Advances in Cryptology—ASIACRYPT 2002, (2002), 415–432. doi: 10.1007/3-540-36178-2_26.
    [2] M. AbeM. Ohkubo and K. Suzuki, Efficient threshold signer-ambiguous signatures from variety of keys, IEICE Trans 2004, 87 (2004), 471-479. 
    [3] M. H. Au, S. S. M. Chow, W. Susilo and P. P. Tsang, Short linkable ring signatures revisited, Public Key Infrastructure, (2006), 101–115. doi: 10.1007/11774716_9.
    [4] M. H. AuJ. K. LiuW. Susilo and T. H. Yuen, Secure ID-based linkable and revocable-iff-linked ring signature with constant-size construction, Theoretical Computer Science, 469 (2013), 1-14.  doi: 10.1016/j.tcs.2012.10.031.
    [5] M. H. AuJ. K. LiuW. Susilo and T. H. Yuen, Constant-size ID-based linkable and revocable-iff-linked ring signature, Progress in cryptology—INDOCRYPT 2006, 4329 (2006), 364-378.  doi: 10.1007/11941378_26.
    [6] M. H. Au, J. K. Liu, T. H. Yuen and D. S. Wong, ID-based ring signature scheme secure in the standard model, Advances in Information and Computer Security, Lecture Notes in Comput. Sci., Springer, Berlin, 4266 (2006), 1–16. doi: 10.1007/11908739_1.
    [7] P. S. L. M. Barreto, B. Libert, N. McCullagh and J.-J. Quisquater, Efficient and provably-secure identity-based signatures and signcryption from bilinear maps, Advances in Cryptology—ASIACRYPT 2005, Lecture Notes in Comput. Sci., Springer, Berlin, 3788 (2005), 515–532. doi: 10.1007/11593447_28.
    [8] A. Bender, J. Katz and R. Morselli, Ring signatures: Stronger definitions, and constructions without random oracles, Theory of Cryptography, Lecture Notes in Comput. Sci., Springer, Berlin, 3876 (2006), 60–79. doi: 10.1007/11681878_4.
    [9] D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, Advances in Cryptology—CRYPTO 2001 (Santa Barbara, CA), Lecture Notes in Comput. Sci., Springer, Berlin, 2139 (2001), 213–229. doi: 10.1007/3-540-44647-8_13.
    [10] D. Boneh, C. Gentry, B. Lynn and H. Shacham, Aggregate and verifieably encrypted signatures from bilinear maps, Advances in Cryptology—EUROCRYPT 2003, Lecture Notes in Comput. Sci., Springer, Berlin, 2656 (2003), 416–432. doi: 10.1007/3-540-39200-9_26.
    [11] D. Boneh and M. Hanburg, Generalized identity based and broadcast encryption schemes, Advances in Cryptology—ASIACRYPT 2008, Lecture Notes in Comput. Sci., Springer, Berlin, 5350 (2008), 455–470. doi: 10.1007/978-3-540-89255-7_28.
    [12] S. Brands, Untraceable off-line cash in wallet with observers, CRYPTO'93, 773 (1993), 302-318. 
    [13] E. Bresson, J. Stern and M. Szydlo, Threshold ring signatures and applications to ad-hoc groups, Advances in Cryptology—CRYPTO 2002, Lecture Notes in Comput. Sci., Springer, Berlin, 2442 (2002), 465–480. doi: 10.1007/3-540-45708-9_30.
    [14] J. C. Cha and J. H. Cheon, An identity-based signature from gap Diffie-Hellman groups, Public Key Cryptography—PKC 2003, Lecture Notes in Comput. Sci., Springer, Berlin, 2567 (2002), 18–30. doi: 10.1007/3-540-36288-6_2.
    [15] D. Chaum, Blind signatures for untraceable payments, Advances in Cryptology, 397 (1983), 199-203.  doi: 10.1007/978-1-4757-0602-4_18.
    [16] D. Chaum, A. Fiat and M. Naor, Untraceable electronic cash, Advances in Cryptology—CRYPTO'88, (1988), 319–327. doi: 10.1007/0-387-34799-2_25.
    [17] D. Chaum and T. P. Pedersen, Wallet databases with observers, In Ernest Brickell, Proceedings of Crypto 92, 0740 (1992), 89-105. 
    [18] D. Chaum and E. Van Heyst, Group signatures, Advances in Cryptology—EUROCRYPT'91, (1991), 257–265. doi: 10.1007/3-540-46416-6_22.
    [19] B. Chevallier-Mames, An efficient CDH-based signature scheme with a tight security reduction, Advances in Cryptology—CRYPTO 2005, Lecture Notes in Comput. Sci., Springer, Berlin, 3621 (2005), 511–526. doi: 10.1007/11535218_31.
    [20] S. S. M. Chow, J. K. Liu and D. S. Wong, Robust receipt-free election system with ballot secrecy and verifieability, NDSS 2008, (1993), 1–14.
    [21] S. S. M. ChowS. M. Yiu and L. C. K. Hui, Efficient identity based ring signature, ACNS 2005, 3531 (2005), 499-512. 
    [22] I. Damgøard, K. Dupont and M. Pedersen, Unclonable group identification, Advances in Cryptology—EUROCRYPT 2006, Lecture Notes in Comput. Sci., Springer, Berlin, 4004 (2006), 555–572. doi: 10.1007/11761679_33.
    [23] Y. Dodis, A. Kiayias, A. Nicolosi and V. Shoup, Anonymous identification in Ad hoc groups, Advances in Cryptology—EUROCRYPT 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3027 (2004), 609–626. doi: 10.1007/978-3-540-24676-3_36.
    [24] K. EmuraA. Miyaji and K. Omote, An r-hiding revocable group signature scheme: Group signatures with the property of hiding the number of revoked users, Journal of Applied Mathematics, 2014 (2011), 1-14. 
    [25] E. Fujisaki, Sub-linear size traceable ring signatures without random oracles, Topics in Cryptology—CT-RSA 2011, Lecture Notes in Comput. Sci., Springer, Heidelberg, 6558 (2011), 393–415. doi: 10.1007/978-3-642-19074-2_25.
    [26] E. Fujisaki and K. Suzuki, Traceable ring signature, Public Key Cryptography 2007, Lecture Notes in Comput. Sci., Springer, Berlin, 4450 (2007), 181–200. doi: 10.1007/978-3-540-71677-8_13.
    [27] E.-J. Goh and S. Jarecki, A signature scheme as secure as the Diffie-Hellman problem, Advances in Cryptology—EUROCRYPT 2003, Lecture Notes in Comput. Sci., Springer, Berlin, 2656 (2003), 401–415. doi: 10.1007/3-540-39200-9_25.
    [28] K. GuW. Jia and C. Jiang., Efficient and secure identity-based proxy signature in the standard modell, The Computer Journal, 58 (2015), 792-807. 
    [29] K. GuW. J. JiaG. J. Wang and S. Wen, Efficient and secure attribute-based signature for monotone predicates, Acta Informatica, 54 (2017), 521-541.  doi: 10.1007/s00236-016-0270-5.
    [30] K. GuW. J. Jia and J. M. Zhang, Identity-based multi-proxy signature scheme in the standard model, Fundamenta Informaticae, 150 (2017), 179-210.  doi: 10.3233/FI-2017-1464.
    [31] F. Hess, Efficient identity based signature schemes based on pairings, Selected Areas in Cryptography, Lecture Notes in Comput. Sci., Springer, Berlin, 2595 (2003), 310–324. doi: 10.1007/3-540-36492-7_20.
    [32] L. Ibraimi, S. I. Nikova, P. H. Hartel and W. Jonker, An identity-based group signature with membership revocation in the standard model, Faculty of Electrical Engineering, Mathematics & Computer Science, Available from: http:/doc.utwente.nl/72270/1/Paper.pdf.
    [33] M. Jakobsson and C. P. Schnorr, Efficient oblivious proofs of correct exponentiation, Proceedings of the IFIP Conference on Communications and Multimedia Security 99, 152 (1999), 71-86.  doi: 10.1007/978-0-387-35568-9_5.
    [34] I. R. JeongJ. O. Kwon and D. H. Lee, Analysis of revocable-iff-linked ring signature scheme, IEICE Transactions on Fundamentals of Electronics Communications & Computer Sciences, 92 (2009), 322-325.  doi: 10.1587/transfun.E92.A.322.
    [35] Y. Komano, K. Ohta, A. Shimbo and S. Kawamura, Toward the fair anonymous signatures: Deniable ring signatures, Topics in Cryptology—CT-RSA 2006, Lecture Notes in Comput. Sci., Springer, Berlin, 3860 (2006), 174–191. doi: 10.1007/11605805_12.
    [36] F. Laguillaumie and D. Vergnaud, Multi-designated verifiers signatures, Information and Communications Security, (2004), 495–507. doi: 10.1007/978-3-540-30191-2_38.
    [37] J. K. LiuM. H. AuW. Susilo and J. Y. Zhou, Linkable ring signature with unconditional anonymity, IEEE Transactions on Knowledge and Data Engineering, 26 (2014), 157-165.  doi: 10.1109/TKDE.2013.17.
    [38] D. Y. W. LiuJ. K. LiuY. MuW. Susilo and D. S. Wong, Revocable ring signature, J. Comput. Sci. Tech., 22 (2007), 785-794.  doi: 10.1007/s11390-007-9096-5.
    [39] J. K. Liu, V. K. Wei and D. S. Wong, Linkable spontaneous anonymous group signature for ad hoc groups, Information Security and Privacy, (2004), 325–335. doi: 10.1007/978-3-540-27800-9_28.
    [40] J. K. Liu and D. S. Wong, Linkable ring signatures: Security models and new schemes, Computational Science and Its Applications—ICCSA 2005, (2005), 614–623. doi: 10.1007/11424826_65.
    [41] J. K. Liu and D. S. Wong, Enhanced security models and a generic construction approach for linkable ring signature, Int. J. Found.Computt. Sci., 17 (2006), 1403-1422.  doi: 10.1142/S0129054106004480.
    [42] M. Naor, Deniable ring authentication, Advances in Cryptology—CRYPTO 2002, Lecture Notes in Comput. Sci., Springer, Berlin, 2442 (2002), 481–498. doi: 10.1007/3-540-45708-9_31.
    [43] T. Okamoto and K. Ohta, Universal electronic cash, Advances in Cryptology—CRYPTO'91, 403 (1991), 324-337.  doi: 10.1007/3-540-46766-1_27.
    [44] K. G. Paterson and J. C. N. Schuldt, Efficient identity-based signatures secure in the standard model, A Information Security and Privacy, (2006), 207–222. doi: 10.1007/11780656_18.
    [45] R. L. Rivest, A. Shamir and Y. Tauman, How to leak a secret, Advances in Cryptology—ASIACRYPT 2001 (Gold Coast), Lecture Notes in Comput. Sci., Springer, Berlin, 2248 (2001), 552–565. doi: 10.1007/3-540-45682-1_32.
    [46] A. Shamir and Y. Tauman, Improved online/offline signature scheme, Advances in Cryptology—CRYPTO 2001 (Santa Barbara, CA), Lecture Notes in Comput. Sci., Springer, Berlin, 2139 (2001), 355–367. doi: 10.1007/3-540-44647-8_21.
    [47] W. Susilo and Y. Mu, Non-interactive deniable ring authentication, Information Security and Cryptology—ICISC, Lecture Notes in Comput. Sci., Springer, Berlin, 2971 (2004), 386–401. doi: 10.1007/978-3-540-24691-6_29.
    [48] P. P. Tsang and V. K. Wei, Short linkable ring signatures for e-voting, e-cash and attestation, Information Security Practice and Experience, (2005), 48–60. doi: 10.1007/978-3-540-31979-5_5.
    [49] P. P. Tsang, V. K. Wei, T. K. Chan, M. H. Au, J. K. Liu and D. S. Wong, Separable linkable threshold ring signatures, Progress in Cryptology—INDOCRYPT 2004, Lecture Notes in Comput. Sci., Springer, Berlin, 3348 (2004), 384–398. doi: 10.1007/978-3-540-30556-9_30.
    [50] B. Waters, Efficient identity-based encryption without random oracles, Advances in Cryptology—EUROCRYPT 2005, Lecture Notes in Comput. Sci., Springer, Berlin, 3494 (2005), 114–127. doi: 10.1007/11426639_7.
    [51] D. S. Wong, K. Fung, J. K. Liu and V. K. Wei, On the RS-code construction of ring signature schemes and a threshold setting of RST, Information and Communications Security, (2003), 34–46. doi: 10.1007/978-3-540-39927-8_4.
    [52] T. H. YuenJ. K. LiuM. H. AuW. Susilo and J. Y. Zhou, Efficient linkable and/or threshold ring signature without random oracles, The Computer Journal, 56 (2013), 407-421.  doi: 10.1093/comjnl/bxs115.
    [53] S. K. ZengS. Q. Jiang and Z. G. Qin, An efficient conditionally anonymous ring signature in the random oracle model, Theoretical Computer Science, 461 (2012), 106-114.  doi: 10.1016/j.tcs.2012.01.027.
    [54] F. G. Zhang and K. Kim, ID-based blind signature and ring signature from pairings, Advances in Cryptology—ASIACRYPT 2002, Lecture Notes in Comput. Sci., Springer, Berlin, 2501 (2002), 533–547. doi: 10.1007/3-540-36178-2_33.
    [55] D. Zheng, X. X. Li, K. F. Chen and J. H. Li, Linkable ring signatures from linear feedback shift register, Emerging Directions in Embedded and Ubiquitous Computing, (2007), 716–727. doi: 10.1007/978-3-540-77090-9_66.
  • 加载中

Tables(2)

SHARE

Article Metrics

HTML views(788) PDF downloads(1288) Cited by(0)

Access History

Other Articles By Authors

Catalog

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return