Kumawat, S., Paul, S. (2018). A New Constant-Size Accountable Ring Signature Scheme Without Random Oracles. In: Chen, X., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2017. Lecture Notes in Computer Science(), vol 10726. Springer, Cham. https://doi.org/10.1007/978-3-319-75160-3_11
Constant-Size Accountable Ring Signature
- Preliminaries
- A New Accountable Ring Signature Scheme
- ARS.Setup
- A R S . U K G e n ( p a r a m s ) {\rm ARS.UKGen}(params) ARS.UKGen(params)
- A R S . O K G e n ( p a r a m s ) {\rm ARS.OKGen}(params) ARS.OKGen(params)
- A R S . S i g n ( p a r a m s , m , s k , v k , R , e k , r ) {\rm ARS.Sign}(params, m, sk, vk, R, ek, r) ARS.Sign(params,m,sk,vk,R,ek,r)
- A R S . V e r i f y ( p a r a m s , m , σ , R , e k ) {\rm ARS.Verify}(params, m, σ, R, ek) ARS.Verify(params,m,σ,R,ek)
- A R S . O p e n ( p a r a m s , m , σ , R , e k , d k ) {\rm ARS.Open}(params, m, σ, R, ek, dk) ARS.Open(params,m,σ,R,ek,dk)
- A R S . J u d g e ( p a r a m s , m , σ , R , e k , v k , ϕ ) {\rm ARS.Judge}(params, m, σ, R, ek, vk, \phi) ARS.Judge(params,m,σ,R,ek,vk,ϕ)
Preliminaries
Indistinguishability Obfuscator( i O i\mathcal{O} iO)
如果一个PPT算法iO满足以下两个条件,我们就说它是一个 an indistinguishability obfuscator for a collection of circuits { C λ } \{C^\lambda\} {Cλ}
A New Accountable Ring Signature Scheme
ARS.Setup
- 需要一个可信权威,生成定义所需的密钥空间
- 为伪随机函数PPRFs F 1 , F 2 , F 3 F_1,F_2,F_3 F1,F2,F3分别选择 K 1 , K 2 , K 3 K_1,K_2,K_3 K1,K2,K3
- 创建obfuscated programs:
- S i g n = i O ( P S ) {\rm Sign} = i\mathcal{O}(\mathcal{P}_S) Sign=iO(PS)
- V e r i f y = i O ( P V ) {\rm Verify} = i\mathcal{O}(\mathcal{P}_V) Verify=iO(PV)
- N I Z K p r o v e = i O ( P N P ) {\rm NIZKprove} = i\mathcal{O}(\mathcal{P}_{NP}) NIZKprove=iO(PNP)
- N I Z K v e r i f y = i O ( P N V ) {\rm NIZKverify} = i\mathcal{O}(\mathcal{P}_{NV}) NIZKverify=iO(PNV)
A R S . U K G e n ( p a r a m s ) {\rm ARS.UKGen}(params) ARS.UKGen(params)
随机选择
s
k
sk
sk,并计算
v
k
=
f
(
s
k
)
vk=f(sk)
vk=f(sk)
(One-way function
f
:
{
0
,
1
}
l
s
→
{
0
,
1
}
l
v
f:\{0,1\}^{l_s} \rightarrow \{0,1\}^{l_v}
f:{0,1}ls→{0,1}lv)
A R S . O K G e n ( p a r a m s ) {\rm ARS.OKGen}(params) ARS.OKGen(params)
运行PKE.KGen生成 ( e k , d k ) (ek,dk) (ek,dk)
A R S . S i g n ( p a r a m s , m , s k , v k , R , e k , r ) {\rm ARS.Sign}(params, m, sk, vk, R, ek, r) ARS.Sign(params,m,sk,vk,R,ek,r)
运行 S i g n {\rm Sign} Sign,返回签名
A R S . V e r i f y ( p a r a m s , m , σ , R , e k ) {\rm ARS.Verify}(params, m, σ, R, ek) ARS.Verify(params,m,σ,R,ek)
运行 V e r i f y {\rm Verify} Verify,验证通过返回 c c c
A R S . O p e n ( p a r a m s , m , σ , R , e k , d k ) {\rm ARS.Open}(params, m, σ, R, ek, dk) ARS.Open(params,m,σ,R,ek,dk)
- 运行 V e r i f y {\rm Verify} Verify,找回 c c c
- 用 d k dk dk解密 c c c,输出验证密钥 v k vk vk
- 输出正确解密的证明 ϕ \phi ϕ,调用NIZKprove生成
A R S . J u d g e ( p a r a m s , m , σ , R , e k , v k , ϕ ) {\rm ARS.Judge}(params, m, σ, R, ek, vk, \phi) ARS.Judge(params,m,σ,R,ek,vk,ϕ)
- 运行 V e r i f y {\rm Verify} Verify,验证找回 c c c
- 运行 N I Z K v e r i f y ( ( e k ∣ ∣ c ∣ ∣ v k ) , φ ) = 1 {\rm NIZKverify}((ek||c||vk), φ) = 1 NIZKverify((ek∣∣c∣∣vk),φ)=1,返回1,否则返回0