Ring Signatures: Stronger Definitions, and Constructions without Random Oracles

Bender, Adam; Katz, Jonathan; Morselli, Ruggero

doi:10.1007/s00145-007-9011-9

Cited by 136 publications

(152 citation statements)

References 26 publications

Supporting

Mentioning

151

Contrasting

Order By: Relevance

“…The definition below implies anonymity against full key exposure attacks [BKM09] as in the game the adversary is allowed to choose the secret signing keys of the users.…”

Section: Bootle Et Al Scheme [Bcc + 15]mentioning

confidence: 99%

Foundations of Fully Dynamic Group Signatures

Bootle

Cerulli

Chaidos

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…The definition below implies anonymity against full key exposure attacks [BKM09] as in the game the adversary is allowed to choose the secret signing keys of the users.…”

Section: Bootle Et Al Scheme [Bcc + 15]mentioning

confidence: 99%

Foundations of Fully Dynamic Group Signatures

Bootle

Cerulli

Chaidos

et al. 2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

“…Our definition of unforgeability is slightly stronger than the strongest notion, existential unforgeability with respect to insider corruption [2], in which we allow the adversary to issue signature query on behalf of arbitrary ring without supplying the corresponding secret key.…”

Section: Definition 4 (Unforgeability)mentioning

confidence: 99%

“…It means that given a message m and a signature (σ, R), it is infeasible to determine who created the signature, even if all the secret keys are known. The formal definition is adapted from [2] for general ring signatures against full key exposure. Note that we allow the common reference string to be maliciously generated in this model.…”

Section: Definition 4 (Unforgeability)mentioning

confidence: 99%

“…We first describe our construction of a two-party ring signature, which is essentially the scheme from [2] with a proof-of-correctness added to the public key.…”

Section: Constructionsmentioning

confidence: 99%

“…The general version of Bender et al [2] uses generic ZAPs for NP as a building block and is inefficient. They also proposed an efficient twoparty ring signature scheme under standard assumptions in a weaker security model.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Two-Party (Blind) Ring Signatures and Their Applications

Susilo

2014

Information Security Practice and Experience

View full text Add to dashboard Cite

Abstract. Ring signatures, introduced by Rivest, Shamir and Tauman, attest the fact that one member from a ring of signers has endorsed the message but no one can identify who from the ring is actually responsible for its generation. It was designed canonically for secret leaking. Since then, various applications have been discovered. For instance, it is a building block of optimistic fair exchange, destinated verifier signatures and ad-hoc key exchange. Interestingly, many of these applications require the signer to create a ring signature on behalf of two possible signers (a two-party ring signature) only. An efficient two-party ring signature scheme due to Bender, Katz, and Morselli, is known. Unfortunately, it cannot be used in many of the aforementioned applications since it is secure only in a weaker model. In this paper, we revisit their construction and proposed a scheme that is secure in the strongest sense. In addition, we extend the construction to a two-party blind ring signature. Our proposals are secure in the standard model under well-known number-theoretic assumptions. Finally, we discuss the applications of our construction, which include designated verifier signatures, optimistic fair exchange and fair outsourcing of computational task.

show abstract

Sequential Aggregate Signatures and Multisignatures Without Random Oracles

Ostrovsky

Sahai

et al. 2006

Lecture Notes in Computer Science

267

284

View full text Add to dashboard Cite

Abstract. We present the first aggregate signature, the first multisignature, and the first verifiably encrypted signature provably secure without random oracles. Our constructions derive from a novel application of a recent signature scheme due to Waters. Signatures in our aggregate signature scheme are sequentially constructed, but knowledge of the order in which messages were signed is not necessary for verification. The aggregate signatures obtained are shorter than Lysyanskaya et al. sequential aggregates and can be verified more efficiently than Boneh et al. aggregates. We also consider applications to secure routing and proxy signatures.

show abstract

Ring Signatures: Stronger Definitions, and Constructions without Random Oracles

Cited by 136 publications

References 26 publications

Foundations of Fully Dynamic Group Signatures

Foundations of Fully Dynamic Group Signatures

Two-Party (Blind) Ring Signatures and Their Applications

Sequential Aggregate Signatures and Multisignatures Without Random Oracles

Contact Info

Product

Resources

About