Short Linkable Ring Signatures Revisited

Ring signature is a group-oriented signature in which the signer can spontaneously form a group and generate a signature such that the verifier is convinced the signature was generated by one member of the group and yet does not know who actually signed. Linkable ring signature is a variant such that two signatures can be linked if and only if they were signed by the same person. Recently, the first short linkable ring signature has been proposed. The short signature length makes it practical all of a sudden to use linkable ring signature as a building block in various cryptographic applications. However, we observed a subtle and yet imperative blemish glossed over by their security model definition which, if not carefully understood and properly handled, could lead to unanticipated security threats. Inspired by the recent refinement of security definitions in conventional ring signatures, we formalize a new and better security model for linkable ring signature schemes that takes into account realistic adversarial capabilities. We show that the new model is strictly stronger than all existing ones in the literature. Under our new model, we propose a new short linkable ring signature scheme, improved upon the existing scheme.