“https://getmonero.org/” 6 Monero – secure, private, untraceable getmonero.org, The Monero Project5 Shi-FengSun, Man Ho Au, Joseph K. Liu, Tsz Hon Yuen, Dawu Gu “RingCT 2.0: A Compact Accumulator-Based(Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero”4 Patrick P.Tsang and Victor K. Wei.

” Short Linkable Ring Signatures for E-Voting, E-Cashand Attestation” 3 Man Ho Au,Sherman S.M. Chow, Willy Susilo, and Patrick P. Tsang.

“Short Linkable RingSignatures Revisited”. 2Eiichiro Fujisaki,KoutarouSuzuki.”Traceable Ring Signatures” 1Ronald L. Rivest,Adi Shamir,and Yael Tauman.

“How to Leak a Secret”References: The ring signatures provide anonymity among the users in the ring or membersin the involved in the transaction which reveals no information. The enhancementof ring signatures is done through traceable ring signatures and linkable ring signatureswhich helped the development of cryptocurrency,bitcoin and Monero.Ring signaturescan also be included in Id based cryptography,bilinear pairings,oblivious transferand many more cryptographic fields.Ring signatures can be achieved in many likeaccountable ring signature,certificate based ring signature,threshold ring signatures,revocablering signatures and many more types of ring signatures to come which helps the userto protect his privacy.

Conclusion: It uses ring signatures hideinformation about all transaction.It provides all benefits of a decentralized cryptocurrencywithout any privacy issues.Monerois private It is secured digital cash operated by network of users. Transactionsare confirmed by the blockchain consensus protocols and then recorded on the blockchain.5Monerois secure 6Monero protectsprivacy in three ways, ring signatures enablle the sender to hide among others involvedin the transaction,hides receiving address of transaction and RingCT(Ring ConfidentialTransaction) hides the amount of transaction.Monero provides “privacy,anonymityand optionally transperant”.Cryptocurrencyis a digital property works as medium of exchange.It uses cryptography to securethe transactions.

Monero is the web application which is an open source crytpocurrency.Monerois based on CryptoNote protocol.Ring Signatures in web Applications: Direct AnonymousAttestation(DAA) it is used in the trusted computing group it solves the followingproblem, the user requests a provider for the platform which is trustable that istrusted platform module(TPM) for authentication.However, user wants his privacysuch that verifier should know user is using TPM but doesn’t want to know type ofTPM.Linkable RingSignatures are used in offline e-cash systems.The users take electronic coins whichconsists of numbers produced by users and signed by the bank. Each signature represents a given amount.These coins are later used in shops by using public key generated bythe bank so the users retain the anonymity.

The scheme of e-cash system is as followsthe group members in the group forms a group of users.The bank issues electroniccoins to the users.When the user uses money the privacy is restored.4 Applications: 3. Output Phase: A gives (ˆ?,M*, ?*,R*) and succeedsif R* ? S ˆ? is theoutput of SO (ˆs, ˆ M, ˆR).

VerifyR*(M*, ?*)=1,Link(ˆ?,?*)=1 and A never queried ˆs to CO(.).2.

Probing phase: A is given access to sign oracle SO(.,.,.)and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.

1. Initialization phase: Key pairs {(Pki,Ski)}n(k)i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)i=1 is given to A. Same as Unforgeabilityand linkability, A linkable ring signature scheme is unforgeable if for Probabilistic Polynomial Time adversary A andfor any polynomial n(.) the probabilty that A succeeds in the following game is negligable.

Non-slanderability: 3. Output Phase: A gives (Mi* ,? i *,Ri*) and succeeds if it holds that verifyRi*(Mi* ,? i *)=1,Link(? 1 *,? 2 *)=0.2. Probing phase: A is given access to sign oracle SO(.,.,.)and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.1.

Initialization phase: Key pairs {(Pki,Ski)}n(k)i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)i=1 is given to A. Same as Unforgeability,A linkable ring signature scheme is unforgeableif for Probabilistic Polynomial Time adversary A and for any polynomial n(.) theprobabilty that A succeeds in the following game is negligable.Linkabilty: 5. Output phase: The adversary gives a bits b’ and wins if b’=b.

4. Probing phase 2: A is again given access to CO and SO.Ifi0 or i1 is queried to CO , A fails and game terminates.3. Challenge Phase: A outputs message M,distinct indicesi0, i1 and a ring .,R ? S for which Pki0,Pki1and all keys in R are distinct. If i0,i1 was an output to CO corrupt orcale A failsand game terminates or else a random bit b is choosen and A is given Signib,SKib(M,R)à?.

2. Probing phase 1: A is given access to sign oracle SO(.,.

,.)and outputs Sign(M,R) A has also givento corrupt oracle and outputs wi, 1<=i<=n(k).1. Initialization phase: Key pairs {(Pki,Ski)}n(k)i=1 are generated by keyGen(1k,;wi) algorithm for randomly choosen wiand set of public keys S={Pki}n(K) i=1 is given to A A linkable ringsignature scheme is unforgeable if for ProbabilisticPolynomial Time adversary A and for any polynomial n(.) the probabilty that A succeeds in the following game is negligably close to 1/2.Linkable Anonymity: 3. Output Phase: A gives (M*, ?*,R*) and succeeds if VerifyR*(M*, ?*)=12. Probing phase: A is given access to sign oracle SO(.

,.,.)and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.1.

Initialization phase: Key pairs {(Pki,Ski)}n(k)i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)i=1 is given to A.A linkable ring signature scheme isunforgeable if for Probabilistic Polynomial Time adversary A and for any polynomialn(.) the probabilty that A succeeds in thefollowing game is negligable. Unforgeability: The linkable ring signatures willsatisfy the following properties of security3Security Properties : 2. Linking Correctness: Two signatures signed according to specificationare linked if they come from same signer.

If two signatues are signed accordingto specification do not share a common signer then they are not linked with overwhelmingprobablity.1. Verification Correctness: Inorder to accept during verificationthe signature must be signed as specification with overwhelming probablity.Linkable Ring Signatures must satisfy3 Link(?0,?1)à1/0: From input of two signatures it 1 or 0 .

Iflinked it gives 1 or else unlinked outputs 0.Verify(Y,M,?)à 1/0 : On input a set of Y of n public keys in Pk ,message m, and asignature returns 0 or 1 means reject or accept respectively,if (M, ?)is acceptedby the alogrithm message/signature pair is valid.Sign(Y,M,x)à ? :Ittakes a set of Y of n public keys in Pk where n?N is size of polynomialin ?, a message M,x ? SK whosecorresponding public key is contained in y,gives signature ?.KeyGen()à(ski,pki):This algorithm takes secuirty parameter as inputand gives the secret/public key pair(ski,pki) as output.

Sk and Pk denotes secretkey and public key respectively.Init(1?)0àparam :This algorithm takes security parameter ? as input and gives the param as output which is also a security parametercontains one among other things 1 ?. Thefollowing is syntax for the tuples:(Init,KeyGen,Sign,Verify,Link).

A linkable ring signature scheme is a five tuple algorithmSimilar to traceable ring signatures the linkable variantwill also have similar but this consists of five tuples as 3 explainsModel: A linkable ringsignature allows anyone to determine if two signatures have been signed from thesame group member or not. If a user signs only once from a group they can enjoyanonymity similar to original ring signatures.If same user sends twice then it can be known sent by the same group user. A twistin paradigm comes when same signer signs the two ring signatures but still unableto identify who the signer was.This is known linkable anonymity.Linkable Ring Signature: It solves thewhistle blower problem.Actually the problemconsider Alice is a journalist ,she secretly gets an information about the companyfrom the higher officer with respect to ring of higher officials.

She disclosesthe information by telling that information was from the one of the authoritieswithout revealing the name. On the other hand, Bob gets the opposite informationfrom the anither signture with respect to ring of higher officials and he announcesit to the social.Then Alice and Bob want to know if the information they got fromdifferent sources or if they are fooled from a dishonest person without tellingtheir source.By the traceable ring signature the official can be caught for sharingwrong information and he can be traced. Traceable ringsignature is functionally related to blind signatures so it can be applied to offlineanonymous e-cash system.

In original ringsignature group identification only works with group manager whereas the traceablering signature don’t. Anonymous votercan register on BBS- for instance some set of people discussing on an issue through Internet and wish not to revealanything about them on that issue as a result they dont involve in a trusted partyor setup a registration to vote.In ordinary ring signature every member in the ringhas to message however traceable ring signatures it is allowed.Applications of Traceable Ring Signatures2: User cant be accusedof signing the message with same tag. Adversary cannot produce tracable signaturegenerated by target withinthe publicly tracable mechanism it is infeasible to corruptall ring members but not the target.Exculpability: As long as thesender the messages with the different tags their identity is untracable.Similarlytwo messages with different tags are also unlinkable.

Anonymity: The total numberof signatures with same tag should not exceed the total numbers in the group.Tag Linkability: Any user who sendsthe two or more messages with the same tag can be traced and it is possible withpair of messages or signature and the tag.Public Traceability:The tracablering signatures are secure underfollowing properties2 Security Properties: 4).Trace : It takes tag and two message/signature pairs as input and givesany of the strings “indep,” “linked,” or pk, where pk ?pkN. 3). Ver: Algorithm takes tag, message and signature and outputs a bit.

2). Sig: Algorithm takes Secret Key Ski where i ?Ntag, and message m?{0,1}?, and outputs signature ? 1).Gen:Algorithm takes security parameter k ?N and gives a public/secret key pair(Pk,Sk). ? = (Gen,Sig,Ver,Trace), such that, for k ?z,the following is trueFrom 2 Tracable ring signature schemeis the tuple of algorithms Model: 2. A tracable ring signature has a tagL=(issue,Pk) where issue to refers to for example, an id of election or some somesocial issue and Pk is the set of public keys of members in the group. Similar tothe ring signature, the users in the group will verify the message but they willalso include the tag L in this scheme.However they cannot know the where the messageoriginated from.

If the signer again sends the message again with the same tag theusers find the tags in the message match and can know the who the signer is .General ringsignatures provides anonymity which the others who are not in ring can send themessage and information is hidden and not known to any of the other people inthe ring. So, traceable ring signatures are the extension to ring signatureswhich helps the reciver to trace the sender.Tracable Ring Signature:B). Linkable ring signatures.A). Tracable ring signatures.The ring signatures can be extendedto many fields which are associated with it.

Some of them are The verifier accepts the signature ifthe ring equation is satisfied or else it is rejectced. Figure2: Sign and Verify (https://cryptonote.org/inside) Ck,v(Y1,Y2,…,Yr)=v3).Verify the ring equation2).Calculate key k=H(m) k gives theencryption key.

1).Apply the public key on all Yi=g(Xi).According to 1 the verificationfollows as:Afterreceiving the message , the members in the group otherthan the signer needs tosee if the message is from their ring or not. So by the signers public key theywill get message by using hash of the message he received if encryption key issuccessful and he ultimately verifies the ring equation which the signer got inimplementation step 3.

Verification: Figure 1: Ring Signature 1 (P1,P2……Pr;v;X1,X2…….Xr).6).The signature with message m is definedto be (2r+1)tuple:5).Calculate signers private key Xs withXs=gs-1(Ys). Ck,v(Y1,Y2,…

,Yr)= v4). Solve the ring equation Ys.3).

Pick the random Xi for allother group members and calculate Yi=gi(Xi)2).Choose a random value v. K=H(m)1). Initially, the message is hashed andit is taken as symmetric key KThe 1 explains six steps to generatea ring signature by the signer This is the process through a signer a send message withinhis group without revealing any of his information.

The message is hashed withany of the hash functions , later the signer chooses two random values glue andXi then calculates Yi and ring equation respectively.Finally he calculates the private key of signers.Implementation:Ring verify: It gets a message m and asignature ? contains all public keys from users and outputs either TRUE or FALSE.Ring sign: It produces a ring sign ? fora message m, given public keys P1,P2…..Pk of ther ring members together with the secret key SK of the Sth sender(actualsender of message).

2) Ringverify1) RingsignRing Signature is composed of two primarydefinitionsI found a 1 better definitions toexplain the ring signatures Before proceedingit to the definitions, let us assume the sender is associated with public key Pkwhich shows the signature scheme like RSA.He can get connected to public keywith PkI directory or certificatesThe reciever has a secret key SK associated with him.Definition: In group signaturescan be formed when the users in the group wanted to share information about thevendor of the message, whereas the users in the ring signature don’t want to revealtheir information.The users in the group need not wait for central authenticationanyone in the group having public and private keys can send and receive messageswithin the group.The sender with his private key chooses the set of receivers withtheir public key and computes the signature.It is a type ofdigital signature in cryptography, in which a user in the group can send a messagewithin in the group who have the key. This ring signature offers security property,the other users in the group do not find the signer of the message. This was firstintroduced by Rivest,Shamir and Tauman in 2001.

Introduction: Ring Signature 8. References————————————————————— 137. Conclusion————————————————————– 126. Ringsignatures in web applications—————————— 11(c).

Applications————————————————- 10(b).Security—————————————————— 8(a).Model——————————————————– 7 II.

Linkablering signatures(c).Applications————————————————- 6(b).Security—————————————————— 6(a).Model——————————————————– 5 I. Traceablering signatures5. Typesof ring signatures4. Verification————————————————————- 43.

Implementation——————————————————- 32. Definition—————————————————————- 21. Introduction————————————————————- 2Table of contents Page no.