Efficient lattice-based traceable ring signature scheme with its application in blockchain

Abstract

Traceable ring signatures (TRSs) were proposed by Fujisaki and Suzuki (PKC 2007), which is a variant of ring signatures that aims to restrict excessive anonymity of them. If the signer signs two identical messages about the same group of ring members and issue, the two signatures will be detected, but the identity of the signer will not be disclosed; if the signer signs two different messages about the same group of ring members and issue, it allows to reveal the identity of the signer. This primitive is very useful in scenarios that require anonymous protection and avoid duplicate signatures, such as electronic voting, blockchain and Internet of Things. However, the existing post-quantum TRS schemes all have a long signature and low computational efficiency, which is far from practical application. In this paper, we propose an efficient lattice-based TRS scheme by improving DualRing that is a short ring signature scheme proposed by Yuen et al. (CRYPTO 2021). Among all existing post-quantum TRS schemes, the proposed scheme has the shortest signature for a ring size between 5 and 2000, and it is also the fastest one in signature generation, taking only about 0.4 s for a ring size of 1024. In the random oracle model, the proposed scheme is proved to satisfy anonymity, tag-linkability and exculpability under the Module Short Integer Solution and Module Learning With Errors hardness assumptions over lattice. In addition, to demonstrate the applicability of the proposed scheme, we develop a post-quantum blockchain model with access control based on it, which can be extended to Internet of Medical Things (IoMT), e-commerce, education, banking and other systems.