A logarithmic-sized accountable ring signature scheme in the standard model

Abstract

Ring signature and group signature are two major cryptographic primitives providing users anonymity and authentication simultaneously. While both primitives enable any user to sign messages as a member of a set of users, the feature of ring signature is that a signer can choose a group in an ad-hoc manner, which is called a ring, by itself. Conversely, in group signature, a group membership is managed by some trusted third party, which is called a group manager, and an (appropriate) accountability is provided for the group manager to identify illegal anonymous signers. Accountable ring signature (ARS) is a cryptographic primitive combining the features of ring signature and group signature. ARS allows signers to choose their groups (rings) in an ad-hoc manner, and at the same time, maintain accountability by forcing them to select a designated opener who can identify them.In this paper, we propose the first ARS scheme with O(log⁡n) signature size in the standard model (without depending on the random oracle methodology), where n is the size of a ring. More precisely, we propose a new generic construction of ARS based on (standard) signature, (standard) public key encryption, non-interactive zero-knowledge proof system, somewhere perfectly binding hash function, and public key encryption with non-interactive opening. All building blocks for our ARS scheme can be obtained under the decisional linear (DLIN) assumption over bilinear groups.