Ring signature in blockchain

blocksight 2021-06-18 05:23:19 阅读数:215

ring signature blockchain

Write it at the front

In the last introduction Blind signature principle , A friend added that blind signature is currently used in electronic signature occasions .

Today, I will continue to talk about another variant of signature scheme -- Ring signature , Right now in privacy Monero There are applications in the project .

Ring signature (ring Signature)

Ring signature allows a signer to sign on behalf of a signature set , At the same time, the anonymity of the signer's identity is guaranteed , The signer does not need the help of other members in the collection when signing ( Collaboration ), Even without other members knowing , You only need to use your own private key and the public key of other members . The difference in verifying a signature is , Only verifiable signatures from group members , But there's no way to distinguish a particular member .

Ring signature technology is developed by Ron Rivest, Adi Shamir, and Yael Tauman Invented , On 2001 Published . Ring signature is named after its ring structure signature algorithm .

Ring signature is a special kind of signature , About group signature , No expansion , If you are interested, please refer to .

Ring signature satisfies the property :

1. Unconditional anonymity : The attacker cannot determine which member of the group generated the signature , Even if the ring member's private key is obtained , The probability is no more than 1/r【r Is the number of members in the group 】.

2. Unforgeability : Other members of the group cannot forge the signature of the real signer , Even if the attacker obtains a valid ring signature , And not for news m Forge a signature .

Other properties , Such as correctness is obvious .

Ring signature process

Sign contract : Select hash function Hash, Symmetric encryption algorithm E, secret key k, Message to be signed m, Group member public key $(P_1,P_2,...,P_r)$, The first j Members are real signers ,

Signature generation process :

  1. Make k = hash ( m ),k As a symmetric encryption function E The key of
  2. Choose random values v
  3. Random selection r-1 It's worth ${x_1,x_2,x_4,...x_r}$, And calculate $y_i=g_i(x_i)$, The corresponding ${y_1,y_2,...,y_r} $( except $y_j$)
  4. Make $C_{k,v}=(y_1,y_2,...,y_r)=v$ , To calculate the $y_j$
  5. $y_j$ Public key encryption gets , Using the private key to reverse compute $x_j=g_j^1(y_j)$
  6. Combined message m Ring signature of , It's a 2r + 1 Tuples $(P_1,P_2,...,P_r;v;x_1,x_2,...x_r)$ ,

Verify the signature :

  1. Through the public key $P_1,...,P_r$, Calculation $y_i=g_i(x_i)$, Encrypted to get $y_1,...,y_r$
  2. Calculation k = Hash ( M ),
  3. Verify the equation $C_{k,v}(y_1,y_2,...,y_r)=v$ Is it true

The following is a detailed introduction to RSA A combined solution !

RSA Ring signature

Simplicity , All member public keys have the same n,$P_i$ representative $(n, e_i)$

  1. Select symmetric key :k = hash(m);
  2. Randomly and evenly select the initial value v;
  3. The signers are other ring members with uniform random $x_i$, And calculate $y_i=g_i(x_i)$; function gi One way trapdoor function , May make $g_i(x)=x^{e_i}\ mod\ n$
  4. According to the combination function C(k,v) Formula , Calculate your own $y_{j'}$, among $E_k(m) = m\ xor\ k$

5. The signer uses the private key to solve $x_j=g_j^1(y_j)$ ;

6. Get the news m The signature on is $(P_1,P_2,...,P_r;v;x_1,x_2,...x_r)$ ;

Specific project code , Can be found in GitHub Find a lot of open source implementations in .


The key point of ring signature is , If you know the private key $sk_j$, So we can reverse it $x_i$, send $y_1,y_2,...,y_r$ Form a ring . It's like the signer found a rope , The math guarantees that only people with private keys , To connect the two ends of the rope , Form a ring . And once it's a ring , There's no trace at the joint of the ring , This makes it impossible for the verifier to determine where the ring is connected .

Ring signature can achieve a certain degree of anonymity , But the real signer will still be exposed in the ring . And in the current public chain Market , Compared with ring signature , Zero knowledge proof is still one of the best anonymous schemes .

BTW, There is also an interesting historical story about ring signatures , It can be traced back to France in the 17th century . According to legend , When the French ministers gave advice to the king , In order not to let the king find out who had the head , This kind of ring signature is adopted , The names of all the people are arranged in a circle , Hiding the order , There is no way for the initiators to investigate .

( Picture source network )

Link to the original text :https://mp.weixin.qq.com/s/Yg0Niv2Avf7Toj6rUPZP8Q Welcome to the official account :blocksight

Related reading

Mathematics in blockchain - Blind signature (Blind Signature) Blind signature principle

Mathematics in blockchain - sigma agreement OR Proof& Signature sigma Protocol extension --OR proof

Mathematics in blockchain -sigma Deal with the Fiat-Shamir Transformation sigma Deal with the Fiat-Shamir Transformation

Mathematics in blockchain - What is zero knowledge proof ? What is zero knowledge proof

Mathematics in blockchain - RSA Non member proof of accumulator RSA Accumulator Non member proof and blockchain applications

Mathematics in blockchain - Accumulator( accumulator ) Accumulator and RSA Accumulator

Mathematics in blockchain - Kate promise batch opening Kate Promise volume Certification

Mathematics in blockchain - I promise Knowledge and commitment

Mathematics in blockchain - Pedersen Key sharing Pedersen Key sharing

Mathematics in blockchain - Pedersen promise Cryptography promises --Pedersen promise

Mathematics in blockchain - Inadvertently transmit Oblivious transport protocol

Mathematics in blockchain - RSA Algorithm encryption and decryption process and principle RSA Encryption and decryption algorithm

Mathematics in blockchain - BLS Threshold signature BLS m of n Threshold signature

Mathematics in blockchain - BLS Key aggregation BLS Key aggregation

Schorr Signature Basics Schorr Signature and elliptic curve

Mathematics in blockchain -Uniwap Automated market maker core algorithm analysis Uniwap Core algorithm analysis ( in )

版权声明:本文为[blocksight]所创,转载请带上原文链接,感谢。 https://netfreeman.com/2021/05/20210531203242345i.html