Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles
Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ri...
Gespeichert in:
| Hauptverfasser: | , , |
|---|---|
| Format: | Buchkapitel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 79 |
|---|---|
| container_issue | |
| container_start_page | 60 |
| container_title | |
| container_volume | |
| creator | Bender, Adam Katz, Jonathan Morselli, Ruggero |
| description | Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.
This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers. |
| doi_str_mv | 10.1007/11681878_4 |
| format | Book Chapter |
| fullrecord | <record><control><sourceid>pascalfrancis_sprin</sourceid><recordid>TN_cdi_pascalfrancis_primary_19183437</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>19183437</sourcerecordid><originalsourceid>FETCH-LOGICAL-c295t-fbfb36ebab961c7811aa608df591d29d80dce855faac45234e1cbbc43e94c3dd3</originalsourceid><addsrcrecordid>eNpFkMtOwzAQRc1LopRu-AJvkFgQ8GScxGaHylOqVKkFsYz8SjG0TmWnC_6elCJ1NjOac-dKcwm5AHYDjFW3AKUAUYmaH5AzLDjDvMKcHZIBlAAZIpdHewD5MRkwZHkmK46nZJTSF-urv0AhB2Q682FB534RVLeJLt3ReRfbsHCRPrjGB9_5NqRrqoKl437q4sb8reiH7z7bTUdnPWpXdBqVWbp0Tk4atUxu9N-H5P3p8W38kk2mz6_j-0lmcll0WaMbjaXTSssSTCUAlCqZsE0hwebSCmaNE0XRKGV4kSN3YLQ2HJ3kBq3FIbnc-a5VMmrZRBWMT_U6-pWKPzVIEMix6nVXO13q0fatWrftd6qB1ds0632a-As9m2Mc</addsrcrecordid><sourcetype>Index Database</sourcetype><iscdi>true</iscdi><recordtype>book_chapter</recordtype></control><display><type>book_chapter</type><title>Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles</title><source>Springer Books</source><creator>Bender, Adam ; Katz, Jonathan ; Morselli, Ruggero</creator><contributor>Rabin, Tal ; Halevi, Shai</contributor><creatorcontrib>Bender, Adam ; Katz, Jonathan ; Morselli, Ruggero ; Rabin, Tal ; Halevi, Shai</creatorcontrib><description>Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.
This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers.</description><identifier>ISSN: 0302-9743</identifier><identifier>ISBN: 3540327312</identifier><identifier>ISBN: 9783540327318</identifier><identifier>EISSN: 1611-3349</identifier><identifier>EISBN: 3540327320</identifier><identifier>EISBN: 9783540327325</identifier><identifier>DOI: 10.1007/11681878_4</identifier><language>eng</language><publisher>Berlin, Heidelberg: Springer Berlin Heidelberg</publisher><subject>Applied sciences ; Cryptography ; Exact sciences and technology ; Information, signal and communications theory ; Random Coin ; Random Oracle ; Ring Signature ; Semantic Security ; Signal and communications theory ; Signature Scheme ; Telecommunications and information theory</subject><ispartof>Lecture notes in computer science, 2006, p.60-79</ispartof><rights>Springer-Verlag Berlin Heidelberg 2006</rights><rights>2007 INIST-CNRS</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c295t-fbfb36ebab961c7811aa608df591d29d80dce855faac45234e1cbbc43e94c3dd3</citedby><relation>Lecture Notes in Computer Science</relation></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/11681878_4$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/11681878_4$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>309,310,779,780,784,789,790,793,4050,4051,27925,38255,41442,42511</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=19183437$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><contributor>Rabin, Tal</contributor><contributor>Halevi, Shai</contributor><creatorcontrib>Bender, Adam</creatorcontrib><creatorcontrib>Katz, Jonathan</creatorcontrib><creatorcontrib>Morselli, Ruggero</creatorcontrib><title>Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles</title><title>Lecture notes in computer science</title><description>Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.
This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers.</description><subject>Applied sciences</subject><subject>Cryptography</subject><subject>Exact sciences and technology</subject><subject>Information, signal and communications theory</subject><subject>Random Coin</subject><subject>Random Oracle</subject><subject>Ring Signature</subject><subject>Semantic Security</subject><subject>Signal and communications theory</subject><subject>Signature Scheme</subject><subject>Telecommunications and information theory</subject><issn>0302-9743</issn><issn>1611-3349</issn><isbn>3540327312</isbn><isbn>9783540327318</isbn><isbn>3540327320</isbn><isbn>9783540327325</isbn><fulltext>true</fulltext><rsrctype>book_chapter</rsrctype><creationdate>2006</creationdate><recordtype>book_chapter</recordtype><recordid>eNpFkMtOwzAQRc1LopRu-AJvkFgQ8GScxGaHylOqVKkFsYz8SjG0TmWnC_6elCJ1NjOac-dKcwm5AHYDjFW3AKUAUYmaH5AzLDjDvMKcHZIBlAAZIpdHewD5MRkwZHkmK46nZJTSF-urv0AhB2Q682FB534RVLeJLt3ReRfbsHCRPrjGB9_5NqRrqoKl437q4sb8reiH7z7bTUdnPWpXdBqVWbp0Tk4atUxu9N-H5P3p8W38kk2mz6_j-0lmcll0WaMbjaXTSssSTCUAlCqZsE0hwebSCmaNE0XRKGV4kSN3YLQ2HJ3kBq3FIbnc-a5VMmrZRBWMT_U6-pWKPzVIEMix6nVXO13q0fatWrftd6qB1ds0632a-As9m2Mc</recordid><startdate>2006</startdate><enddate>2006</enddate><creator>Bender, Adam</creator><creator>Katz, Jonathan</creator><creator>Morselli, Ruggero</creator><general>Springer Berlin Heidelberg</general><general>Springer</general><scope>IQODW</scope></search><sort><creationdate>2006</creationdate><title>Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles</title><author>Bender, Adam ; Katz, Jonathan ; Morselli, Ruggero</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c295t-fbfb36ebab961c7811aa608df591d29d80dce855faac45234e1cbbc43e94c3dd3</frbrgroupid><rsrctype>book_chapters</rsrctype><prefilter>book_chapters</prefilter><language>eng</language><creationdate>2006</creationdate><topic>Applied sciences</topic><topic>Cryptography</topic><topic>Exact sciences and technology</topic><topic>Information, signal and communications theory</topic><topic>Random Coin</topic><topic>Random Oracle</topic><topic>Ring Signature</topic><topic>Semantic Security</topic><topic>Signal and communications theory</topic><topic>Signature Scheme</topic><topic>Telecommunications and information theory</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Bender, Adam</creatorcontrib><creatorcontrib>Katz, Jonathan</creatorcontrib><creatorcontrib>Morselli, Ruggero</creatorcontrib><collection>Pascal-Francis</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Bender, Adam</au><au>Katz, Jonathan</au><au>Morselli, Ruggero</au><au>Rabin, Tal</au><au>Halevi, Shai</au><format>book</format><genre>bookitem</genre><ristype>CHAP</ristype><atitle>Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles</atitle><btitle>Lecture notes in computer science</btitle><seriestitle>Lecture Notes in Computer Science</seriestitle><date>2006</date><risdate>2006</risdate><spage>60</spage><epage>79</epage><pages>60-79</pages><issn>0302-9743</issn><eissn>1611-3349</eissn><isbn>3540327312</isbn><isbn>9783540327318</isbn><eisbn>3540327320</eisbn><eisbn>9783540327325</eisbn><abstract>Ring signatures, first introduced by Rivest, Shamir, and Tauman, enable a user to sign a message so that a ring of possible signers (of which the user is a member) is identified, without revealing exactly which member of that ring actually generated the signature. In contrast to group signatures, ring signatures are completely “ad-hoc” and do not require any central authority or coordination among the various users (indeed, users do not even need to be aware of each other); furthermore, ring signature schemes grant users fine-grained control over the level of anonymity associated with any particular signature.
This paper has two main areas of focus. First, we examine previous definitions of security for ring signature schemes and suggest that most of these prior definitions are too weak, in the sense that they do not take into account certain realistic attacks. We propose new definitions of anonymity and unforgeability which address these threats, and then give separation results proving that our new notions are strictly stronger than previous ones. Next, we show two constructions of ring signature schemes in the standard model: one based on generic assumptions which satisfies our strongest definitions of security, and a second, more efficient scheme achieving weaker security guarantees and more limited functionality. These are the first constructions of ring signature schemes that do not rely on random oracles or ideal ciphers.</abstract><cop>Berlin, Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1007/11681878_4</doi><tpages>20</tpages><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0302-9743 |
| ispartof | Lecture notes in computer science, 2006, p.60-79 |
| issn | 0302-9743 1611-3349 |
| language | eng |
| recordid | cdi_pascalfrancis_primary_19183437 |
| source | Springer Books |
| subjects | Applied sciences Cryptography Exact sciences and technology Information, signal and communications theory Random Coin Random Oracle Ring Signature Semantic Security Signal and communications theory Signature Scheme Telecommunications and information theory |
| title | Ring Signatures: Stronger Definitions, and Constructions Without Random Oracles |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T17%3A24%3A08IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-pascalfrancis_sprin&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=bookitem&rft.atitle=Ring%20Signatures:%20Stronger%20Definitions,%20and%20Constructions%20Without%20Random%20Oracles&rft.btitle=Lecture%20notes%20in%20computer%20science&rft.au=Bender,%20Adam&rft.date=2006&rft.spage=60&rft.epage=79&rft.pages=60-79&rft.issn=0302-9743&rft.eissn=1611-3349&rft.isbn=3540327312&rft.isbn_list=9783540327318&rft_id=info:doi/10.1007/11681878_4&rft_dat=%3Cpascalfrancis_sprin%3E19183437%3C/pascalfrancis_sprin%3E%3Curl%3E%3C/url%3E&rft.eisbn=3540327320&rft.eisbn_list=9783540327325&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |