Cryptanalysis of a non-interactive deniable ring signature scheme
A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer should be involved in opening the signer anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and...
Gespeichert in:
Veröffentlicht in: | International journal of information security 2021-02, Vol.20 (1), p.103-112 |
---|---|
Hauptverfasser: | , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer should be involved in opening the signer anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and claimed that their scheme satisfies the following security requirements: anonymity, traceability and non-frameability. In this work, we demonstrate that their scheme does not satisfy the latter two requirements. Specifically, we show that: (1) A malicious signer can produce a valid ring signature that violates traceability; (2) a malicious signer can also generate a valid ring signature that breaks non-frameability. Our attacks are simple and efficient, with successful probability close to 1. Then, we give a simple countermeasure to thwart the attack in (2). To prevent our attack in (1) is non-trivial, but we point out that a deniable ring signature scheme without the traceability property can still find applications in some specific situations. |
---|---|
ISSN: | 1615-5262 1615-5270 |
DOI: | 10.1007/s10207-020-00497-5 |