Study On The Ring Signature Scheme

With the quick development of computer and network, digital signature plays an important role in real life, and more and more new requirements are presented. There are many limitations about normal digital signature schemes for each signature is generated and verified by only one user and each user has only one key pair. As a result, a lot of special signature schemes are proposed such as group signature, ring signature, blind signature, proxy signature, threshold signature and so on. Ring signature allows a signer to sign a message while preserving anonymity behind a group, called a ring, which is selected by the signer. Compared with group signature, there is no group manager in the ring signature.Ring signature is a kind of simple group signature. The user in the ring can sign a message on behalf of the ring without the permit of other users. The verifier knows that the signature is from the ring, but don't know who the real signer is. Ring signature solves the problem of group manager's abusing privilege in the group signature and satisfies signer anonymity. It can be applied to many applications such as anonymous e-voting, e-government, e-cash, key-distribution and secure multi-computation. Ring signature is a hot spot in resent studies and we can see that the study of ring signature has an important significance.In this dissertation, we research raw ring signature and ring signature with other properties. The main content and contributions of this dissertation include: ring signature scheme with other properties, preventing anonymity abusing in ring signature scheme and shortening length of ring signature. The main contents we researched are described as follows.1. Forward-Secure Traceable Ring Signature. A traceable ring scheme is a ring signature except that it can restrict "excessive" anonymity. The traceable ring signature has a tag that consists of a list of ring members and an issue. A ring member can make any signed but anonymous opinion regarding the issue, but only once (per tag). If the signer signed the same or different messages again with the same tag, the "trace" algrithom can see that the two signatures are linked, whereas if he signed a different message with the same tag, then not only is it evident that they are linked, but the anonymity of the signer is revoked. The traceable ring signature can suit to many applications, such as an anonymous voting on a BBS. The problem of key exposure in a ring signature scheme is more serious. The exposure of one user's secret key will make all previous ring signatures invalid include what are signed by other ring members. Forward-security can preserve the validity of past signatures even if the current secret key has been compromised.This dissertation proposes to use the concept of forward-security to reduce the damage of exposure of any secret key of users in traceable ring signature and construct the forward-secure traceable ring signature scheme. That is, even when a secret key is compromised, previously generated ring signatures remain valid and do not need to be re-generated.2. Deniable Ring Signature Scheme of Sub-linear Size. Deniable ring signature scheme is another ring signature except that it can restrict "excessive" anonymity. In some situations, we need ring signature schemes with weak anonymity in which real signer can't deny the signature when dissension appears. Deniable ring signature offers "Confirmation/ Disavowal" algrithom to affirm the real signer by asking all ring members to do some operations.The signature length of almost all ring signature schemes is in general linear in the number of members. As a result, when the number of members is large, we need many memory spaces to store signatures and many computations to get signatures.This dissertation proposes a deniable ring signature scheme with efficient Confirmation/ Disavowal algrithom leaking no secret information. The signature length is O(N^1/2) where N is the number of users in the ring. Compared with convertible ring signature, real signer is unable to deny his signature in our scheme.3. Ring Blind Signature. Blind signature scheme is two-party protocol between a user and a signer. The user sends a piece of information m to the signer in a blinded form. Then the signer signs and returns it to the user. From this signature, the user can unblind and compute the signer's signature on message m. At the completion of the protocol, the signer knows neither the message m nor the signature associated with it. It is widely used in many applications like secure voting protocol and electronic payment systems when anonymity of a message is required. Group blind signature scheme combined group signature and blind signature and is used to construct electronic cash systems. However, the group manager of group blind signature scheme who plays the role of central bank in the real world has the unnecessary privilege to determine the issuing bank. But in real world, when the cash is distributed, the central bank is unable to know the issuing bank.This dissertation proposes a ring blind signature scheme which has the properties of ring signature and blind signature. The user sends a piece of information m to a ring member in a blinded form. Then the signer signs and returns it to the user. From this signature, the user can unblind and compute the signer's ring signature on message m. The verifier is made sure that the signature is from a member of the ring, and nobody can know the real signer. While the ring blind signature is applied to e-cash system, ring members play the role of banks and anyone including the central bank has the the unnecessary privilege to determine the issuing bank.4. Group-Oriented Ring Signature. Group-oriented ring signature allows the signer to hide his identity behind multiple groups. In a group-oriented ring signature scheme, a signer can sign message on behalf of the organization which he belongs to, and then take the public parameters of other organizations to form a ring signature. The size of the signature is only linear to the number of included organizations. Since the signer can include the whild member of a group at a time, group-oriented ring signature scheme is more efficient and practical than general ring signature scheme. In identity-committed signature schme, a member of an organization can sign a message on behalf of himself (regular signature) or the organization (identity-committed signature). In the latter case, the signer's identity is hidden from anyone, and the signer can open the signature by providing proofs. Identity-committed signature scheme can be extended to group-oriented ring signature scheme. This dissertation we analize an identity-committed signature scheme and the scheme doesn't satisfy the anonymity. Based on this scheme, we present a new identity-committed signature scheme and extend it to a group-oriented ring signature scheme. At last we analize the security of our scheme.5. Signcryption on Ring Signature. This dissertation we study an application extention of ring signature. We present a signcryption scheme based on ring signature and the scheme can be used as a designated receiver signcryption scheme which the sender send a signcryption of a message to the receiver and only the receiver can get the message and verify the signcryption while others are unable to know to whom the signcryption is sent. Our signcryption scheme satisfies unforgeability, confidentiality, signcryption anonymity and non-repudiation.