DualRing: generic construction of ring signatures with efficient instantiations

Tsz Hon Yuen; Muhammed F. Esgin; Joseph K. Liu; Man Ho Au; Zhimin Ding

doi:10.1007/978-3-030-84242-0_10

DualRing: generic construction of ring signatures with efficient instantiations

Tsz Hon Yuen
, Muhammed F. Esgin
, Joseph K. Liu
, Man Ho Au
, Zhimin Ding

Department of Software Systems & Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

83 Citations (Scopus)

Abstract

We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from the classical ring signatures by its formation of two rings: a ring of commitments and a ring of challenges. It has a structural difference from the common ring signature approaches based on accumulators or zero-knowledge proofs of the signer index. Comparatively, DualRing has a number of unique advantages. Considering the DL-based setting by using Schnorr identification scheme, our DualRing structure allows the signature size to be compressed into logarithmic size via an argument of knowledge system such as Bulletproofs. We further improve on the Bulletproofs argument system to eliminate about half of the computation while maintaining the same proof size. We call this Sum Argument and it can be of independent interest. This DL-based construction, named DualRing-EC, using Schnorr identification with Sum Argument has the shortest ring signature size in the literature without using trusted setup. Considering the lattice-based setting, we instantiate DualRing by a canonical identification based on M-LWE and M-SIS. In practice, we achieve the shortest lattice-based ring signature, named DualRing-LB, when the ring size is between 4 and 2000. DualRing-LB is also 5 × faster in signing and verification than the fastest lattice-based scheme by Esgin et al. (CRYPTO’19).

Original language	English
Title of host publication	41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I
Editors	Tal Malkin, Chris Peikert
Place of Publication	Cham Switzerland
Publisher	Springer
Pages	251-281
Number of pages	31
ISBN (Electronic)	9783030842420
ISBN (Print)	9783030842413
DOIs	https://doi.org/10.1007/978-3-030-84242-0_10
Publication status	Published - 2021
Event	Advances in Cryptology 2021 - Online Duration: 16 Aug 2021 → 20 Aug 2021 Conference number: 41st https://link.springer.com/book/10.1007/978-3-030-84242-0 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	12825
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Advances in Cryptology 2021
Abbreviated title	CRYPTO 2021
Period	16/08/21 → 20/08/21
Internet address	https://link.springer.com/book/10.1007/978-3-030-84242-0 (Proceedings)

Keywords

Generic construction
M-LWE/SIS
Ring signature
Sum argument

Access to Document

10.1007/978-3-030-84242-0_10

Cite this

Yuen, T. H., Esgin, M. F., Liu, J. K., Au, M. H., & Ding, Z. (2021). DualRing: generic construction of ring signatures with efficient instantiations. In T. Malkin, & C. Peikert (Eds.), 41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I (pp. 251-281). (Lecture Notes in Computer Science; Vol. 12825). Springer. https://doi.org/10.1007/978-3-030-84242-0_10

Yuen, Tsz Hon ; Esgin, Muhammed F. ; Liu, Joseph K. et al. / DualRing : generic construction of ring signatures with efficient instantiations. 41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I. editor / Tal Malkin ; Chris Peikert. Cham Switzerland : Springer, 2021. pp. 251-281 (Lecture Notes in Computer Science).

@inproceedings{82d987ff3483440fb6fc5bec9fb13b1b,

title = "DualRing: generic construction of ring signatures with efficient instantiations",

abstract = "We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from the classical ring signatures by its formation of two rings: a ring of commitments and a ring of challenges. It has a structural difference from the common ring signature approaches based on accumulators or zero-knowledge proofs of the signer index. Comparatively, DualRing has a number of unique advantages. Considering the DL-based setting by using Schnorr identification scheme, our DualRing structure allows the signature size to be compressed into logarithmic size via an argument of knowledge system such as Bulletproofs. We further improve on the Bulletproofs argument system to eliminate about half of the computation while maintaining the same proof size. We call this Sum Argument and it can be of independent interest. This DL-based construction, named DualRing-EC, using Schnorr identification with Sum Argument has the shortest ring signature size in the literature without using trusted setup. Considering the lattice-based setting, we instantiate DualRing by a canonical identification based on M-LWE and M-SIS. In practice, we achieve the shortest lattice-based ring signature, named DualRing-LB, when the ring size is between 4 and 2000. DualRing-LB is also 5 × faster in signing and verification than the fastest lattice-based scheme by Esgin et al. (CRYPTO{\textquoteright}19).",

keywords = "Generic construction, M-LWE/SIS, Ring signature, Sum argument",

author = "Yuen, \{Tsz Hon\} and Esgin, \{Muhammed F.\} and Liu, \{Joseph K.\} and Au, \{Man Ho\} and Zhimin Ding",

note = "Publisher Copyright: {\textcopyright} 2021, International Association for Cryptologic Research. Copyright: Copyright 2021 Elsevier B.V., All rights reserved.; Advances in Cryptology 2021, CRYPTO 2021 ; Conference date: 16-08-2021 Through 20-08-2021",

year = "2021",

doi = "10.1007/978-3-030-84242-0\_10",

language = "English",

isbn = "9783030842413",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "251--281",

editor = "Tal Malkin and Chris Peikert",

booktitle = "41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I",

address = "Switzerland",

url = "https://link.springer.com/book/10.1007/978-3-030-84242-0",

}

Yuen, TH , Esgin, MF , Liu, JK, Au, MH & Ding, Z 2021, DualRing: generic construction of ring signatures with efficient instantiations. in T Malkin & C Peikert (eds), 41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I. Lecture Notes in Computer Science, vol. 12825, Springer, Cham Switzerland, pp. 251-281, Advances in Cryptology 2021, 16/08/21. https://doi.org/10.1007/978-3-030-84242-0_10

DualRing: generic construction of ring signatures with efficient instantiations. / Yuen, Tsz Hon ; Esgin, Muhammed F.; Liu, Joseph K. et al.
41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I. ed. / Tal Malkin; Chris Peikert. Cham Switzerland: Springer, 2021. p. 251-281 (Lecture Notes in Computer Science; Vol. 12825).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - DualRing

T2 - Advances in Cryptology 2021

AU - Yuen, Tsz Hon

AU - Esgin, Muhammed F.

AU - Liu, Joseph K.

AU - Au, Man Ho

AU - Ding, Zhimin

N1 - Conference code: 41st

PY - 2021

Y1 - 2021

N2 - We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from the classical ring signatures by its formation of two rings: a ring of commitments and a ring of challenges. It has a structural difference from the common ring signature approaches based on accumulators or zero-knowledge proofs of the signer index. Comparatively, DualRing has a number of unique advantages. Considering the DL-based setting by using Schnorr identification scheme, our DualRing structure allows the signature size to be compressed into logarithmic size via an argument of knowledge system such as Bulletproofs. We further improve on the Bulletproofs argument system to eliminate about half of the computation while maintaining the same proof size. We call this Sum Argument and it can be of independent interest. This DL-based construction, named DualRing-EC, using Schnorr identification with Sum Argument has the shortest ring signature size in the literature without using trusted setup. Considering the lattice-based setting, we instantiate DualRing by a canonical identification based on M-LWE and M-SIS. In practice, we achieve the shortest lattice-based ring signature, named DualRing-LB, when the ring size is between 4 and 2000. DualRing-LB is also 5 × faster in signing and verification than the fastest lattice-based scheme by Esgin et al. (CRYPTO’19).

AB - We introduce a novel generic ring signature construction, called DualRing, which can be built from several canonical identification schemes (such as Schnorr identification). DualRing differs from the classical ring signatures by its formation of two rings: a ring of commitments and a ring of challenges. It has a structural difference from the common ring signature approaches based on accumulators or zero-knowledge proofs of the signer index. Comparatively, DualRing has a number of unique advantages. Considering the DL-based setting by using Schnorr identification scheme, our DualRing structure allows the signature size to be compressed into logarithmic size via an argument of knowledge system such as Bulletproofs. We further improve on the Bulletproofs argument system to eliminate about half of the computation while maintaining the same proof size. We call this Sum Argument and it can be of independent interest. This DL-based construction, named DualRing-EC, using Schnorr identification with Sum Argument has the shortest ring signature size in the literature without using trusted setup. Considering the lattice-based setting, we instantiate DualRing by a canonical identification based on M-LWE and M-SIS. In practice, we achieve the shortest lattice-based ring signature, named DualRing-LB, when the ring size is between 4 and 2000. DualRing-LB is also 5 × faster in signing and verification than the fastest lattice-based scheme by Esgin et al. (CRYPTO’19).

KW - Generic construction

KW - M-LWE/SIS

KW - Ring signature

KW - Sum argument

UR - https://www.scopus.com/pages/publications/85115175628

U2 - 10.1007/978-3-030-84242-0_10

DO - 10.1007/978-3-030-84242-0_10

M3 - Conference Paper

AN - SCOPUS:85115175628

SN - 9783030842413

T3 - Lecture Notes in Computer Science

SP - 251

EP - 281

BT - 41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I

A2 - Malkin, Tal

A2 - Peikert, Chris

PB - Springer

CY - Cham Switzerland

Y2 - 16 August 2021 through 20 August 2021

ER -

Yuen TH , Esgin MF , Liu JK, Au MH, Ding Z. DualRing: generic construction of ring signatures with efficient instantiations. In Malkin T, Peikert C, editors, 41st Annual International Cryptology Conference, CRYPTO 2021 Virtual Event, August 16–20, 2021 Proceedings, Part I. Cham Switzerland: Springer. 2021. p. 251-281. (Lecture Notes in Computer Science). doi: 10.1007/978-3-030-84242-0_10

DualRing: generic construction of ring signatures with efficient instantiations

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Cite this