Abstract
In this paper, we introduce a new framework for constructing linkable ring signatures (LRS). Our framework is based purely on signatures of knowledge (SoK), which allow one to issue signatures on behalf of any NP-statement using the corresponding witness. Our framework enjoys the following advantages: (1) the security of the resulting LRS depends only on the security of the underlying SoK; (2) the resulting LRS naturally supports online/offline signing (resp. verification), where the output of the offline signing (resp. verification) can be re-used across signatures of the same ring. For a ring size n, our framework requires an SoK of the NP statement with size \(\log n\).
To instantiate our framework, we adapt the well-known post-quantum secure non-interactive argument of knowledge (NIAoK), ethSTARK, into an SoK. This SoK is inherently post-quantum secure and has a signature size poly-logarithmic in the size of the NP statement. Thus, our resulting LRS has a signature size of \(O(\text{polylog}(\log n))\). By comparison, existing post-quantum ring signatures, regardless of linkability considerations, have signature sizes of \(O(\log n)\) at best. Furthermore, leveraging online/offline verification, part of the verification of signatures on the same ring can be shared, resulting in a state-of-the-art amortized verification cost of \(O(\text{polylog}(\log n))\).
Our LRS also performs favourably against existing schemes in practical scenarios. Concretely, our scheme has the smallest signature size among all post-quantum linkable ring signatures with non-slanderability for ring size larger than 32. In our experiment, at 128-bit security and ring size of 1024, our LRS has a size of 29 KB, and an amortized verification cost of 0.3 ms, surpassing the state-of-the-art by a significant margin. Even without considering amortization, the verification time for a single signature is 128 ms, comparable to those featuring linear signature size. A similar performance advantage can also be seen at signing. Furthermore, our LRS has extremely short public keys (32 bytes), while public keys of existing constructions are in the order of kilobytes.
Notes
1. A Merkle path of a leaf node consists of all sibling nodes along the path from the root to the leaf node.
2. We remark that no concrete signature sizes in this setting were reported, and the adaption only provides one-time linkability.
3.
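The Merkle path defined in note 1, as an added example that is not code from the paper: it builds a tree over a constructed ring of 32-byte keys and shows that a membership witness has \(\log_2 n\) siblings. SHA-256, the domain-separation prefixes and all function names are assumptions made for illustration; the page does not specify the paper's hash or tree layout.

```python
import hashlib

def _h(prefix: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256 (assumption: the paper's hash is not given on this page).
    return hashlib.sha256(prefix + b"".join(parts)).digest()

def build_levels(ring):
    """Return all tree levels, leaves first, root last. Ring size must be a power of two."""
    n = len(ring)
    if n == 0 or n & (n - 1):
        raise ValueError("ring size must be a power of two")
    levels = [[_h(b"\x00", pk) for pk in ring]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_h(b"\x01", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_path(levels, index):
    """Sibling nodes of one leaf, listed from the leaf level up to just below the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])   # sibling differs only in the lowest index bit
        index >>= 1
    return path

def verify_path(root, pk, index, path):
    """Recompute the root from one key and its log2(n) siblings."""
    node = _h(b"\x00", pk)
    for sibling in path:
        # The index bit says whether the current node is a left or a right child.
        node = _h(b"\x01", node, sibling) if index & 1 == 0 else _h(b"\x01", sibling, node)
        index >>= 1
    return index == 0 and node == root

def demo(n=1024, member=613):
    # Constructed 32-byte stand-ins for ring public keys.
    ring = [hashlib.sha256(b"constructed-pk-%d" % i).digest() for i in range(n)]
    levels = build_levels(ring)          # O(n) hashing, done once per ring
    root = levels[-1][0]
    path = merkle_path(levels, member)   # O(log n) witness for one member
    return root, ring, path

if __name__ == "__main__":
    root, ring, path = demo()
    print(len(path), verify_path(root, ring[613], 613, path))
```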
Acknowledgements
This work is partially supported by the General Research Fund of the Research Grant Council of Hong Kong (Project No.: 17201421, 15211120) and The Hong Kong Polytechnic University (Project No.: A0048350, P0046340, A0044374).
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Xue, Y., Lu, X., Au, M.H., Zhang, C. (2024). Efficient Linkable Ring Signatures: New Framework and Post-quantum Instantiations. In: Garcia-Alfaro, J., Kozik, R., Choraś, M., Katsikas, S. (eds) Computer Security – ESORICS 2024. ESORICS 2024. Lecture Notes in Computer Science, vol 14985. Springer, Cham. https://doi.org/10.1007/978-3-031-70903-6_22
DOI: https://doi.org/10.1007/978-3-031-70903-6_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-70902-9
Online ISBN: 978-3-031-70903-6
eBook Packages: Computer Science, Computer Science (R0)