Shorter Ring Signatures from Standard Assumptions

González, Alonso

doi:10.1007/978-3-030-17253-4_4

Cited by 5 publications

(4 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, it is not clear how to adapt their approach without using generic NIZK. Assuming a common reference string, constructions with sub-linear-size signatures in the standard model were given in [22,44,28]. Malavolta and Schröder [60] used SNARKs (and thus non-falsifiable assumptions) to obtain constant-size signatures.…”

Section: One-shot Fiat-shamir-based Nizk Arguments Of Composite Resid...mentioning

confidence: 99%

One-Shot Fiat-Shamir-Based NIZK Arguments of Composite Residuosity and Logarithmic-Size Ring Signatures in the Standard Model

Libert

Nguyen

Peters

et al. 2022

Advances in Cryptology – EUROCRYPT 2022

View full text Add to dashboard Cite

The standard model security of the Fiat-Shamir transform has been an active research area for many years. In breakthrough results, Canetti et al. (STOC'19) and showed that, under the Learning-With-Errors (LWE) assumption, it provides soundness by applying correlation-intractable (CI) hash functions to so-called trapdoor Σ-protocols. In order to be compatible with CI hash functions based on standard LWE assumptions with polynomial approximation factors, all known such protocols have been obtained via parallel repetitions of a basic protocol with binary challenges. In this paper, we consider languages related to Paillier's composite residuosity assumption (DCR) for which we give the first trapdoor Σ-protocols providing soundness in one shot, via exponentially large challenge spaces. This improvement is analogous to the one enabled by Schnorr over the original Fiat-Shamir protocol in the random oracle model. Using the correlation-intractable hash function paradigm, we then obtain simulation-sound NIZK arguments showing that an element of Z * N 2 is a composite residue, which opens the door to space-efficient applications in the standard model. As a concrete example, we build logarithmic-size ring signatures (assuming a common reference string) with the shortest signature length among schemes based on standard assumptions in the standard model. We prove security under the DCR and LWE assumptions, while keeping the signature size comparable with that of random-oracle-based schemes.

show abstract

Section: One-shot Fiat-shamir-based Nizk Arguments Of Composite Resid...mentioning

confidence: 99%

One-Shot Fiat-Shamir-Based NIZK Arguments of Composite Residuosity and Logarithmic-Size Ring Signatures in the Standard Model

Libert

Nguyen

Peters

et al. 2022

Advances in Cryptology – EUROCRYPT 2022

View full text Add to dashboard Cite

show abstract

“…Then, Chandran, Groth, and Sahai [CGS07] proposed the first sublinear-size ring signature scheme based on the composite order groups with bilinear maps. Moreover, Gonzalez [Gon19] recently improved the signature size of their construction.…”

Section: Related Workmentioning

confidence: 99%

“…So far, a lot of ring signature schemes with unconditional anonymity has been proposed in the common reference string (CRS) model and in the random oracle model (e.g., [DKNS04], [DRS18], [CGS07], [Gon19], [GK15], [LPQ18], [MS17], [RST01]). On the other hand, in the plain model, we have only one scheme proposed by Malavolta and Schröder [MS17].…”

mentioning

confidence: 99%

Ring Signature With Unconditional Anonymity in the Plain Model

Hara

Tanaka

2021

IEEE Access

View full text Add to dashboard Cite

“…Indeed, suppose that we want to prove that a commitment opens to a bit, that is, that the opening of some commitments satisfies the quadratic equation X(X − 1) = 0. This often appears as part of a larger proof, for example in ring signatures [8,14,15], e-voting [7] or range proofs [6]. To prove that a commitment opens to a bit, Groth-Sahai proofs proceed as follows:…”

Section: Introductionmentioning

confidence: 99%

QA-NIZK Arguments of Same Opening for Bilateral Commitments

Ràfols

Silva

2020

Progress in Cryptology - AFRICACRYPT 2020

View full text Add to dashboard Cite

Zero-knowledge proofs of satisfiability of linear equations over a group are often used as a building block of more complex protocols. In particular, in an asymmetric bilinear group we often have two commitments in different sides of the pairing, and we want to prove that they open to the same value. This problem was tackled by González, Hevia and Ràfols (ASIACRYPT 2015), who presented an aggregated proof, in the QA-NIZK setting, consisting of only four group elements. In this work, we present a more efficient proof, which is based on the same assumptions and consists of three group elements. We argue that our construction is optimal in terms of proof size.

show abstract

Shorter Ring Signatures from Standard Assumptions

Cited by 5 publications

References 27 publications

One-Shot Fiat-Shamir-Based NIZK Arguments of Composite Residuosity and Logarithmic-Size Ring Signatures in the Standard Model

One-Shot Fiat-Shamir-Based NIZK Arguments of Composite Residuosity and Logarithmic-Size Ring Signatures in the Standard Model

Ring Signature With Unconditional Anonymity in the Plain Model

QA-NIZK Arguments of Same Opening for Bilateral Commitments

Contact Info

Product

Resources

About