This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe certain relation does not seem hold unlike the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Miyako OHKUBO, Masayuki ABE, "On the Definitions of Anonymity for Ring Signatures" in IEICE TRANSACTIONS on Fundamentals,
vol. E91-A, no. 1, pp. 272-282, January 2008, doi: 10.1093/ietfec/e91-a.1.272.
Abstract: This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe certain relation does not seem hold unlike the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1093/ietfec/e91-a.1.272/_p
Copy
@ARTICLE{e91-a_1_272,
author={Miyako OHKUBO, Masayuki ABE, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={On the Definitions of Anonymity for Ring Signatures},
year={2008},
volume={E91-A},
number={1},
pages={272-282},
abstract={This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe certain relation does not seem hold unlike the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.},
keywords={},
doi={10.1093/ietfec/e91-a.1.272},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - On the Definitions of Anonymity for Ring Signatures
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 272
EP - 282
AU - Miyako OHKUBO
AU - Masayuki ABE
PY - 2008
DO - 10.1093/ietfec/e91-a.1.272
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E91-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2008
AB - This paper studies the relations among several definitions of anonymity for ring signature schemes in the same attack environment. It is shown that one intuitive and two technical definitions we consider are asymptotically equivalent, and the indistinguishability-based technical definition is the strongest, i.e., the most secure when achieved, when the exact reduction cost is taken into account. We then extend our result to the threshold case where a subset of members cooperate to create a signature. The threshold setting makes the notion of anonymity more complex and yields a greater variety of definitions. We explore several notions and observe certain relation does not seem hold unlike the simple single-signer case. Nevertheless, we see that an indistinguishability-based definition is the most favorable in the threshold case. We also study the notion of linkability and present a simple scheme that achieves both anonymity and linkability.
ER -