TY - GEN
T1 - Towards practical lattice-based one-time linkable ring signatures
AU - Baum, Carsten
AU - Lin, Huang
AU - Oechsner, Sabine
PY - 2018
Y1 - 2018
N2 - Ring signatures, as introduced by Rivest, Shamir, and Tauman (Asiacrypt ’01), allow to generate a signature for a message on behalf of an ad-hoc set of parties. To sign a message, only the public keys must be known and these can be generated independently. It is furthermore not possible to identify the actual signer based on the signature. Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender. To be applicable in that setting, ring signatures must allow to determine when a party signed multiple transactions, which is done using a property called linkability. This work presents a linkable ring signature scheme constructed from a lattice-based collision-resistant hash function. We follow the idea of existing schemes which are secure based on the hardness of the discrete logarithm problem, but adapt and optimize ours to the lattice setting. In comparison to other designs for (lattice-based) linkable ring signatures, our approach avoids the standard solution for achieving linkability, which involves proofs about correct evaluation of a pseudorandom function using heavy zero-knowledge machinery.
AB - Ring signatures, as introduced by Rivest, Shamir, and Tauman (Asiacrypt ’01), allow to generate a signature for a message on behalf of an ad-hoc set of parties. To sign a message, only the public keys must be known and these can be generated independently. It is furthermore not possible to identify the actual signer based on the signature. Ring signatures have recently gained attention due to their applicability in the construction of practical anonymous cryptocurrencies, where they are used to secure transactions while hiding the identity of the actual spender. To be applicable in that setting, ring signatures must allow to determine when a party signed multiple transactions, which is done using a property called linkability. This work presents a linkable ring signature scheme constructed from a lattice-based collision-resistant hash function. We follow the idea of existing schemes which are secure based on the hardness of the discrete logarithm problem, but adapt and optimize ours to the lattice setting. In comparison to other designs for (lattice-based) linkable ring signatures, our approach avoids the standard solution for achieving linkability, which involves proofs about correct evaluation of a pseudorandom function using heavy zero-knowledge machinery.
UR - http://www.scopus.com/inward/record.url?scp=85056449456&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-01950-1_18
DO - 10.1007/978-3-030-01950-1_18
M3 - Conference contribution
SN - 9783030019495
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 303
EP - 322
BT - Information and Communications Security - 20th International Conference, ICICS 2018, Proceedings
A2 - Blanc, G.
A2 - Qing, S.
A2 - Lu, R.
A2 - Zhang, Z.
A2 - Meddahi, A.
A2 - Naccache, D.
A2 - Xu, S.
A2 - Samarati, P.
PB - Springer Verlag
T2 - 20th International Conference on Information and Communications Security, ICICS 2018
Y2 - 29 October 2018 through 31 October 2018
ER -