A ring signature scheme is a group signature scheme but with no group manager to setup a group or revoke a signer's identity. It allows members of a group to sign messages such that the resulting signatures do not reveal the identities of the group members who actually created these signatures (anonymity) and no one can tell if two signatures are created by the same signer (unlinkability). Furthermore, the formation of a group is spontaneous. Diversion group members (non-signers) can be totally unaware of being conscripted to the group. The notion of linkable ring signature, introduced by Liu et al. in 2004, also provides signer anonymity and spontaneity, but at the same time, allows anyone to determine whether two signatures have been issued by the same group member (linkability). In this paper, we propose a suite of enhanced security models and show that they capture stronger notions of signer anonymity and linkability than the original ones proposed by Liu et al. in 2004. We also propose a generic approach for constructing a linkable ring signature scheme. The generic approach leads us to the construction of two efficient polynomial-structured schemes and one type-restricted separable scheme. The separable scheme allows group members to have different sets of DL (discrete logarithm) domain parameters. All schemes are shown secure under the enhanced security models defined in this paper.
|Number of pages||20|
|Journal||International Journal of Foundations of Computer Science|
|Publication status||Published - 1 Dec 2006|
- Ring signature