Count Me In! Extendability for Threshold Ring Signatures

Diego F. Aranha; Mathias Hall-Andersen; Anca Nitulescu; Elena Pagnin; Sophia Yakoubov

doi:10.1007/978-3-030-97131-1_13

Count Me In! Extendability for Threshold Ring Signatures

Diego F. Aranha, Mathias Hall-Andersen, Anca Nitulescu, Elena Pagnin, Sophia Yakoubov

Forskningsoutput: Kapitel i bok/rapport/Conference proceeding › Konferenspaper i proceeding › Peer review

Sammanfattning

Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities. Anonymity is a central feature in threshold ring signature applications, such as whistleblowing, e-voting and privacy-preserving cryptocurrencies: it is often crucial for signers to remain anonymous even from their fellow signers. When the generation of a signature requires interaction, this is difficult to achieve. There exist threshold ring signatures with non-interactive signing—where signers locally produce partial signatures which can then be aggregated—but a limitation of existing threshold ring signature constructions is that all of the signers must agree on the group on whose behalf they are signing, which implicitly assumes some coordination amongst them. The need to agree on a group before generating a signature also prevents others—from outside that group—from endorsing a message by adding their signature to the statement post-factum. We overcome this limitation by introducing extendability for ring signatures, same-message linkable ring signatures, and threshold ring signatures. Extendability allows an untrusted third party to take a signature, and extend it by enlarging the anonymity set to a larger set. In the extendable threshold ring signature, two signatures on the same message which have been extended to the same anonymity set can then be combined into one signature with a higher threshold. This enhances signers’ anonymity, and enables new signers to anonymously support a statement already made by others. For each of those primitives, we formalize the syntax and provide a meaningful security model which includes different flavors of anonymous extendability. In addition, we present concrete realizations of each primitive and formally prove their security relying on signatures of knowledge and the hardness of the discrete logarithm problem. We also describe a generic transformation to obtain extendable threshold ring signatures from same-message-linkable extendable ring signatures. Finally, we implement and benchmark our constructions.

Originalspråk	engelska
Titel på värdpublikation	Public-Key Cryptography - PKC 2022
Undertitel på värdpublikation	25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II
Redaktörer	Goichiro Hanaoka, Junji Shikata, Yohei Watanabe
Förlag	Springer
Sidor	379-406
Antal sidor	28
ISBN (elektroniskt)	9783030971311
ISBN (tryckt)	9783030971304
DOI	https://doi.org/10.1007/978-3-030-97131-1_13
Status	Published - 2022
Evenemang	25th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2022 - Virtual, Online Varaktighet: 2022 mars 8 → 2022 mars 11

Publikationsserier

Namn	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Förlag	Springer
Volym	13178
ISSN (tryckt)	0302-9743
ISSN (elektroniskt)	1611-3349

Konferens

Konferens	25th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2022
Ort	Virtual, Online
Period	2022/03/08 → 2022/03/11

Bibliografisk information

Publisher Copyright:
© 2022, International Association for Cryptologic Research.

Ämnesklassifikation (UKÄ)

Datavetenskap (Datalogi)

Tillgång till dokument

10.1007/978-3-030-97131-1_13

Andra filer och länkar

Link to publication in Scopus

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden
Hell, M. (PI), Magnusson, B. (PI), Gehrmann, C. (CoI), Paladi, N. (Forskare), Karlsson, L. (Forskare), Sönnerup, J. (Forskare), Johnsson, B. A. (Forskare), Hedin, G. (Forskare), Nordahl, M. (Forskare), Pagnin, E. (Forskare), Kundu, R. (Forskare), Åkesson, A. (Forskare), Stankovski Wagner, P. (Forskare) & Ramezanian, S. (Forskare)
Stiftelsen för Strategisk Forskning, SSF
2018/03/01 → 2024/12/31
Projekt: Forskning

Citera det här

Aranha, D. F., Hall-Andersen, M., Nitulescu, A., Pagnin, E., & Yakoubov, S. (2022). Count Me In! Extendability for Threshold Ring Signatures. I G. Hanaoka, J. Shikata, & Y. Watanabe (Red.), Public-Key Cryptography - PKC 2022: 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II (s. 379-406). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13178). Springer. https://doi.org/10.1007/978-3-030-97131-1_13

Aranha, Diego F. ; Hall-Andersen, Mathias ; Nitulescu, Anca et al. / Count Me In! Extendability for Threshold Ring Signatures. Public-Key Cryptography - PKC 2022: 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II. redaktör / Goichiro Hanaoka ; Junji Shikata ; Yohei Watanabe. Springer, 2022. s. 379-406 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a5e38975d984411eb1905dc321fe60a0,

title = "Count Me In! Extendability for Threshold Ring Signatures",

abstract = "Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers{\textquoteright} identities. Anonymity is a central feature in threshold ring signature applications, such as whistleblowing, e-voting and privacy-preserving cryptocurrencies: it is often crucial for signers to remain anonymous even from their fellow signers. When the generation of a signature requires interaction, this is difficult to achieve. There exist threshold ring signatures with non-interactive signing—where signers locally produce partial signatures which can then be aggregated—but a limitation of existing threshold ring signature constructions is that all of the signers must agree on the group on whose behalf they are signing, which implicitly assumes some coordination amongst them. The need to agree on a group before generating a signature also prevents others—from outside that group—from endorsing a message by adding their signature to the statement post-factum. We overcome this limitation by introducing extendability for ring signatures, same-message linkable ring signatures, and threshold ring signatures. Extendability allows an untrusted third party to take a signature, and extend it by enlarging the anonymity set to a larger set. In the extendable threshold ring signature, two signatures on the same message which have been extended to the same anonymity set can then be combined into one signature with a higher threshold. This enhances signers{\textquoteright} anonymity, and enables new signers to anonymously support a statement already made by others. For each of those primitives, we formalize the syntax and provide a meaningful security model which includes different flavors of anonymous extendability. In addition, we present concrete realizations of each primitive and formally prove their security relying on signatures of knowledge and the hardness of the discrete logarithm problem. We also describe a generic transformation to obtain extendable threshold ring signatures from same-message-linkable extendable ring signatures. Finally, we implement and benchmark our constructions.",

keywords = "Anonymity, Extendability, Threshold ring signatures",

author = "Aranha, \{Diego F.\} and Mathias Hall-Andersen and Anca Nitulescu and Elena Pagnin and Sophia Yakoubov",

note = "Publisher Copyright: {\textcopyright} 2022, International Association for Cryptologic Research.; 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2022 ; Conference date: 08-03-2022 Through 11-03-2022",

year = "2022",

doi = "10.1007/978-3-030-97131-1\_13",

language = "English",

isbn = "9783030971304",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "379--406",

editor = "Goichiro Hanaoka and Junji Shikata and Yohei Watanabe",

booktitle = "Public-Key Cryptography - PKC 2022",

address = "Germany",

}

Aranha, DF, Hall-Andersen, M, Nitulescu, A, Pagnin, E & Yakoubov, S 2022, Count Me In! Extendability for Threshold Ring Signatures. i G Hanaoka, J Shikata & Y Watanabe (red), Public-Key Cryptography - PKC 2022: 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13178, Springer, s. 379-406, 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2022, Virtual, Online, 2022/03/08. https://doi.org/10.1007/978-3-030-97131-1_13

Count Me In! Extendability for Threshold Ring Signatures. / Aranha, Diego F.; Hall-Andersen, Mathias; Nitulescu, Anca et al.
Public-Key Cryptography - PKC 2022: 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II. red. / Goichiro Hanaoka; Junji Shikata; Yohei Watanabe. Springer, 2022. s. 379-406 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13178).

Forskningsoutput: Kapitel i bok/rapport/Conference proceeding › Konferenspaper i proceeding › Peer review

TY - GEN

T1 - Count Me In! Extendability for Threshold Ring Signatures

AU - Aranha, Diego F.

AU - Hall-Andersen, Mathias

AU - Nitulescu, Anca

AU - Pagnin, Elena

AU - Yakoubov, Sophia

PY - 2022

Y1 - 2022

N2 - Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities. Anonymity is a central feature in threshold ring signature applications, such as whistleblowing, e-voting and privacy-preserving cryptocurrencies: it is often crucial for signers to remain anonymous even from their fellow signers. When the generation of a signature requires interaction, this is difficult to achieve. There exist threshold ring signatures with non-interactive signing—where signers locally produce partial signatures which can then be aggregated—but a limitation of existing threshold ring signature constructions is that all of the signers must agree on the group on whose behalf they are signing, which implicitly assumes some coordination amongst them. The need to agree on a group before generating a signature also prevents others—from outside that group—from endorsing a message by adding their signature to the statement post-factum. We overcome this limitation by introducing extendability for ring signatures, same-message linkable ring signatures, and threshold ring signatures. Extendability allows an untrusted third party to take a signature, and extend it by enlarging the anonymity set to a larger set. In the extendable threshold ring signature, two signatures on the same message which have been extended to the same anonymity set can then be combined into one signature with a higher threshold. This enhances signers’ anonymity, and enables new signers to anonymously support a statement already made by others. For each of those primitives, we formalize the syntax and provide a meaningful security model which includes different flavors of anonymous extendability. In addition, we present concrete realizations of each primitive and formally prove their security relying on signatures of knowledge and the hardness of the discrete logarithm problem. We also describe a generic transformation to obtain extendable threshold ring signatures from same-message-linkable extendable ring signatures. Finally, we implement and benchmark our constructions.

AB - Ring signatures enable a signer to sign a message on behalf of a group anonymously, without revealing her identity. Similarly, threshold ring signatures allow several signers to sign the same message on behalf of a group; while the combined signature reveals that some threshold t of the group members signed the message, it does not leak anything else about the signers’ identities. Anonymity is a central feature in threshold ring signature applications, such as whistleblowing, e-voting and privacy-preserving cryptocurrencies: it is often crucial for signers to remain anonymous even from their fellow signers. When the generation of a signature requires interaction, this is difficult to achieve. There exist threshold ring signatures with non-interactive signing—where signers locally produce partial signatures which can then be aggregated—but a limitation of existing threshold ring signature constructions is that all of the signers must agree on the group on whose behalf they are signing, which implicitly assumes some coordination amongst them. The need to agree on a group before generating a signature also prevents others—from outside that group—from endorsing a message by adding their signature to the statement post-factum. We overcome this limitation by introducing extendability for ring signatures, same-message linkable ring signatures, and threshold ring signatures. Extendability allows an untrusted third party to take a signature, and extend it by enlarging the anonymity set to a larger set. In the extendable threshold ring signature, two signatures on the same message which have been extended to the same anonymity set can then be combined into one signature with a higher threshold. This enhances signers’ anonymity, and enables new signers to anonymously support a statement already made by others. For each of those primitives, we formalize the syntax and provide a meaningful security model which includes different flavors of anonymous extendability. In addition, we present concrete realizations of each primitive and formally prove their security relying on signatures of knowledge and the hardness of the discrete logarithm problem. We also describe a generic transformation to obtain extendable threshold ring signatures from same-message-linkable extendable ring signatures. Finally, we implement and benchmark our constructions.

KW - Anonymity

KW - Extendability

KW - Threshold ring signatures

UR - https://www.scopus.com/pages/publications/85126236217

U2 - 10.1007/978-3-030-97131-1_13

DO - 10.1007/978-3-030-97131-1_13

M3 - Paper in conference proceeding

AN - SCOPUS:85126236217

SN - 9783030971304

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 379

EP - 406

BT - Public-Key Cryptography - PKC 2022

A2 - Hanaoka, Goichiro

A2 - Shikata, Junji

A2 - Watanabe, Yohei

PB - Springer

T2 - 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, PKC 2022

Y2 - 8 March 2022 through 11 March 2022

ER -

Aranha DF, Hall-Andersen M, Nitulescu A, Pagnin E, Yakoubov S. Count Me In! Extendability for Threshold Ring Signatures. I Hanaoka G, Shikata J, Watanabe Y, redaktörer, Public-Key Cryptography - PKC 2022: 25th IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings, Part II. Springer. 2022. s. 379-406. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-97131-1_13