“https://getmonero.org/”

6 Monero – secure, private, untraceable getmonero.org, The Monero Project

5 Shi-Feng

Sun, Man Ho Au, Joseph K. Liu, Tsz Hon Yuen, Dawu Gu “RingCT 2.0: A Compact Accumulator-Based

(Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero”

4 Patrick P.

Tsang and Victor K. Wei.” Short Linkable Ring Signatures for E-Voting, E-Cash

and Attestation”

3 Man Ho Au,

Sherman S.M. Chow, Willy Susilo, and Patrick P. Tsang. “Short Linkable Ring

Signatures Revisited”.

2

Eiichiro Fujisaki,Koutarou

Suzuki.”Traceable Ring Signatures”

1

Ronald L. Rivest,Adi Shamir,and Yael Tauman.”How to Leak a Secret”

References:

The ring signatures provide anonymity among the users in the ring or members

in the involved in the transaction which reveals no information. The enhancement

of ring signatures is done through traceable ring signatures and linkable ring signatures

which helped the development of cryptocurrency,bitcoin and Monero.Ring signatures

can also be included in Id based cryptography,bilinear pairings,oblivious transfer

and many more cryptographic fields.Ring signatures can be achieved in many like

accountable ring signature,certificate based ring signature,threshold ring signatures,revocable

ring signatures and many more types of ring signatures to come which helps the user

to protect his privacy.

Conclusion:

It uses ring signatures hide

information about all transaction.It provides all benefits of a decentralized cryptocurrency

without any privacy issues.

Monero

is private

It is secured digital cash

operated by network of users. Transactions

are confirmed by the blockchain consensus protocols and then recorded on the block

chain.

5Monero

is secure

6Monero protects

privacy in three ways, ring signatures enablle the sender to hide among others involved

in the transaction,hides receiving address of transaction and RingCT(Ring Confidential

Transaction) hides the amount of transaction.Monero provides “privacy,anonymity

and optionally transperant”.

Cryptocurrency

is a digital property works as medium of exchange.It uses cryptography to secure

the transactions. Monero is the web application which is an open source crytpocurrency.Monero

is based on CryptoNote protocol.

Ring Signatures in web Applications:

Direct Anonymous

Attestation(DAA) it is used in the trusted computing group it solves the following

problem, the user requests a provider for the platform which is trustable that is

trusted platform module(TPM) for authentication.However, user wants his privacy

such that verifier should know user is using TPM but doesn’t want to know type of

TPM.

Linkable Ring

Signatures are used in offline e-cash systems.The users take electronic coins which

consists of numbers produced by users and signed by the bank. Each signature represents a given amount.These coins are later used in shops by using public key generated by

the bank so the users retain the anonymity.The scheme of e-cash system is as follows

the group members in the group forms a group of users.The bank issues electronic

coins to the users.When the user uses money the privacy is restored.

4 Applications:

3.

Output Phase: A gives (ˆ?,M*, ?*,R*) and succeeds

if R* ? S ˆ? is the

output of SO (ˆs, ˆ M, ˆ

R).VerifyR*(M*, ?*)=1,Link(ˆ?,?*)=1 and A never queried ˆs to CO(.).

2.

Probing phase: A is given access to sign oracle SO(.,.,.)

and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.

1.

Initialization phase: Key pairs {(Pki,Ski)}n(k)

i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)

i=1 is given to A.

Same as Unforgeability

and linkability, A linkable ring signature

scheme is unforgeable if for Probabilistic Polynomial Time adversary A and

for any polynomial n(.) the probabilty that A succeeds in the following game is negligable.

Non-slanderability:

3.

Output Phase: A gives (Mi* ,? i *,Ri*) and succeeds if it holds that verifyRi*(Mi* ,? i *)=1,Link(? 1 *,? 2 *)=0.

2.

Probing phase: A is given access to sign oracle SO(.,.,.)

and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.

1.

Initialization phase: Key pairs {(Pki,Ski)}n(k)

i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)

i=1 is given to A.

Same as Unforgeability,

A linkable ring signature scheme is unforgeable

if for Probabilistic Polynomial Time adversary A and for any polynomial n(.) the

probabilty that A succeeds in the following game is negligable.

Linkabilty:

5.

Output phase: The adversary gives a bits b’ and wins if b’=b.

4.

Probing phase 2: A is again given access to CO and SO.If

i0 or i1 is queried to CO , A fails and game terminates.

3.

Challenge Phase: A outputs message M,distinct indices

i0, i1 and a ring .,R ? S for which Pki0,Pki1

and all keys in R are distinct. If i0,i1 was an output to CO corrupt orcale A fails

and game terminates or else a random bit b is choosen and A is given Signib,SKib(M,R)à?.

2.

Probing phase 1: A is given access to sign oracle SO(.,.,.)

and outputs Sign(M,R) A has also givento corrupt oracle and outputs wi, 1<=i<=n(k).
1.
Initialization phase: Key pairs {(Pki,Ski)}n(k)
i=1 are generated by keyGen(1k,;wi) algorithm for randomly choosen wi
and set of public keys S={Pki}n(K) i=1 is given to A
A linkable ring
signature scheme is unforgeable if for Probabilistic
Polynomial Time adversary A and for any polynomial n(.) the probabilty that A succeeds in the following game is negligably close to 1/2.
Linkable Anonymity:
3.
Output Phase: A gives (M*, ?*,R*) and succeeds if VerifyR*(M*, ?*)=1
2.
Probing phase: A is given access to sign oracle SO(.,.,.)
and outputs Sign(M,R) A has also givento corrupt oracle and outputs Ski.
1.
Initialization phase: Key pairs {(Pki,Ski)}n(k)
i=1 are generated by keyGen(1k) algorithm and set of public keys S={Pki}n(K)
i=1 is given to A.
A linkable ring signature scheme is
unforgeable if for Probabilistic Polynomial Time adversary A and for any polynomial
n(.) the probabilty that A succeeds in the
following game is negligable.
Unforgeability:
The linkable ring signatures will
satisfy the following properties of security3
Security Properties :
2.
Linking Correctness: Two signatures signed according to specification
are linked if they come from same signer. If two signatues are signed according
to specification do not share a common signer then they are not linked with overwhelming
probablity.
1.
Verification Correctness: Inorder to accept during verification
the signature must be signed as specification with overwhelming probablity.
Linkable Ring Signatures must satisfy3
Link(?0
,?1)à1/0: From input of two signatures it 1 or 0 .If
linked it gives 1 or else unlinked outputs 0.
Verify(Y,M,?)à 1/0 : On input a set of Y of n public keys in Pk ,message m, and a
signature returns 0 or 1 means reject or accept respectively,if (M, ?)is accepted
by the alogrithm message/signature pair is valid.
Sign(Y,M,x)à ? :It
takes a set of Y of n public keys in Pk where n?N is size of polynomial
in ?, a message M,x ? SK whose
corresponding public key is contained in y,gives signature ?.
KeyGen()à(ski,pki):This algorithm takes secuirty parameter as input
and gives the secret/public key pair(ski,pki) as output.Sk and Pk denotes secret
key and public key respectively.
Init(1?)0àparam :
This algorithm takes security parameter ? as input and gives the param as output which is also a security parameter
contains one among other things 1 ?.
The
following is syntax for the tuples:
(Init,KeyGen,Sign,Verify,Link).
A linkable ring signature scheme is a five tuple algorithm
Similar to traceable ring signatures the linkable variant
will also have similar but this consists of five tuples as 3 explains
Model:
A linkable ring
signature allows anyone to determine if two signatures have been signed from the
same group member or not. If a user signs only once from a group they can enjoy
anonymity similar to original ring signatures.
If same user sends twice then it can be known sent by the same group user. A twist
in paradigm comes when same signer signs the two ring signatures but still unable
to identify who the signer was.This is known linkable anonymity.
Linkable Ring Signature:
It solves the
whistle blower problem.Actually the problem
consider Alice is a journalist ,she secretly gets an information about the company
from the higher officer with respect to ring of higher officials. She discloses
the information by telling that information was from the one of the authorities
without revealing the name. On the other hand, Bob gets the opposite information
from the anither signture with respect to ring of higher officials and he announces
it to the social.Then Alice and Bob want to know if the information they got from
different sources or if they are fooled from a dishonest person without telling
their source.By the traceable ring signature the official can be caught for sharing
wrong information and he can be traced.
Traceable ring
signature is functionally related to blind signatures so it can be applied to offline
anonymous e-cash system.
In original ring
signature group identification only works with group manager whereas the traceable
ring signature don't.
Anonymous voter
can register on BBS- for instance some set of people discussing on an issue through Internet and wish not to reveal
anything about them on that issue as a result they dont involve in a trusted party
or setup a registration to vote.In ordinary ring signature every member in the ring
has to message however traceable ring signatures it is allowed.
Applications of Traceable Ring Signatures2:
User cant be accused
of signing the message with same tag. Adversary cannot produce tracable signature
generated by target withinthe publicly tracable mechanism it is infeasible to corrupt
all ring members but not the target.
Exculpability:
As long as the
sender the messages with the different tags their identity is untracable.Similarly
two messages with different tags are also unlinkable.
Anonymity:
The total number
of signatures with same tag should not exceed the total numbers in the group.
Tag Linkability:
Any user who sends
the two or more messages with the same tag can be traced and it is possible with
pair of messages or signature and the tag.
Public Traceability:
The tracable
ring signatures are secure under
following properties2
Security Properties:
4).Trace : It takes tag and two message/signature pairs as input and gives
any of the strings "indep," "linked," or pk, where pk ?pkN.
3). Ver: Algorithm takes tag, message and signature and outputs a bit.
2). Sig: Algorithm takes Secret Key Ski where i ?N
tag, and message m?{0,1}?, and outputs signature ?
1).Gen:
Algorithm takes security parameter k ?N and gives a public/secret key pair(Pk,Sk).
? = (Gen,Sig,Ver,Trace), such that, for k ?z,
the following is true
From 2 Tracable ring signature scheme
is the tuple of algorithms
Model:
2. A tracable ring signature has a tag
L=(issue,Pk) where issue to refers to for example, an id of election or some some
social issue and Pk is the set of public keys of members in the group. Similar to
the ring signature, the users in the group will verify the message but they will
also include the tag L in this scheme.However they cannot know the where the message
originated from. If the signer again sends the message again with the same tag the
users find the tags in the message match and can know the who the signer is .
General ring
signatures provides anonymity which the others who are not in ring can send the
message and information is hidden and not known to any of the other people in
the ring. So, traceable ring signatures are the extension to ring signatures
which helps the reciver to trace the sender.
Tracable Ring Signature:
B). Linkable ring signatures.
A). Tracable ring signatures.
The ring signatures can be extended
to many fields which are associated with it.Some of them are
The verifier accepts the signature if
the ring equation is satisfied or else it is rejectced.
Figure
2: Sign and Verify (https://cryptonote.org/inside)
Ck,v(Y1,Y2,...,Yr)
=v
3).Verify the ring equation
2).Calculate key k=H(m) k gives the
encryption key.
1).Apply the public key on all Yi=g(Xi).
According to 1 the verification
follows as:
After
receiving the message , the members in the group otherthan the signer needs to
see if the message is from their ring or not. So by the signers public key they
will get message by using hash of the message he received if encryption key is
successful and he ultimately verifies the ring equation which the signer got in
implementation step 3.
Verification:
Figure 1: Ring Signature 1
(P1,P2……Pr;v;X1,X2…….Xr).
6).The signature with message m is defined
to be (2r+1)tuple:
5).Calculate signers private key Xs with
Xs=gs-1(Ys).
Ck,v(Y1,Y2,...,Yr)
= v
4). Solve the ring equation Ys.
3).Pick the random Xi for all
other group members and calculate Yi=gi(Xi)
2).Choose a random value v.
K=H(m)
1). Initially, the message is hashed and
it is taken as symmetric key K
The 1 explains six steps to generate
a ring signature by the signer
This is the process through a signer a send message within
his group without revealing any of his information. The message is hashed with
any of the hash functions , later the signer chooses two random values glue and
Xi then calculates Yi and ring equation respectively.
Finally he calculates the private key of signers.
Implementation:
Ring verify: It gets a message m and a
signature ? contains all public keys from users and outputs either TRUE or FALSE.
Ring sign: It produces a ring sign ? for
a message m, given public keys P1,P2…..Pk of the
r ring members together with the secret key SK of the Sth sender(actual
sender of message).
2)
Ring
verify
1)
Ring
sign
Ring Signature is composed of two primary
definitions
I found a 1 better definitions to
explain the ring signatures
Before proceeding
it to the definitions, let us assume the sender is associated with public key Pk
which shows the signature scheme like RSA.He can get connected to public key
with PkI directory or certificates
The reciever has a secret key SK associated with him.
Definition:
In group signatures
can be formed when the users in the group wanted to share information about the
vendor of the message, whereas the users in the ring signature don't want to reveal
their information.The users in the group need not wait for central authentication
anyone in the group having public and private keys can send and receive messages
within the group.The sender with his private key chooses the set of receivers with
their public key and computes the signature.
It is a type of
digital signature in cryptography, in which a user in the group can send a message
within in the group who have the key. This ring signature offers security property,
the other users in the group do not find the signer of the message. This was first
introduced by Rivest,Shamir and Tauman in 2001.
Introduction:
Ring Signature
8.
References--------------------------------------------------------------- 13
7.
Conclusion-------------------------------------------------------------- 12
6.
Ring
signatures in web applications------------------------------ 11
(c).Applications------------------------------------------------- 10
(b).Security------------------------------------------------------ 8
(a).Model-------------------------------------------------------- 7
II.
Linkable
ring signatures
(c).Applications------------------------------------------------- 6
(b).Security------------------------------------------------------ 6
(a)
.Model-------------------------------------------------------- 5
I.
Traceable
ring signatures
5.
Types
of ring signatures
4.
Verification------------------------------------------------------------- 4
3.
Implementation------------------------------------------------------- 3
2.
Definition---------------------------------------------------------------- 2
1.
Introduction------------------------------------------------------------- 2
Table of contents Page no.