blocksight 2021-06-18 05:23:19

The previous article introduced the principle of blind signatures; a reader added that blind signatures are currently used in electronic-signature settings.

Today I will continue with another variant signature scheme, the ring signature, which is currently used in the privacy-focused Monero project.

A ring signature lets a signer sign on behalf of a set of signers while keeping the signer's identity anonymous. The signer needs no help (collaboration) from the other members of the set when signing, and the other members need not even know about it; only the signer's own private key and the other members' public keys are required. The difference at verification is that a verifier can only confirm that the signature came from a member of the group, and cannot tell which particular member produced it.

Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman and published in 2001. The ring signature is named after the ring structure of its signature algorithm.

A ring signature is a special kind of group signature. Group signatures are not covered here; interested readers can look them up.

Ring signatures satisfy the following properties:

1. Unconditional anonymity: an attacker cannot determine which member of the group generated the signature; even if the ring members' private keys are obtained, the probability of identifying the signer is no more than 1/r (r is the number of members in the group).

2. Unforgeability: other members of the group cannot forge the signature of the real signer; even an attacker who obtains a valid ring signature cannot forge a signature on a message m.

Other properties, such as correctness, are obvious.

Signing conventions: choose a hash function Hash, a symmetric encryption algorithm E with key k, the message to be signed m, and the group members' public keys $(P_1,P_2,...,P_r)$; the j-th member is the real signer.

Signature generation process:

- Let k = Hash(m); k is used as the key of the symmetric encryption function E
- Choose a random value v
- Randomly choose r-1 values $x_1,...,x_{j-1},x_{j+1},...,x_r$ and compute $y_i=g_i(x_i)$, giving the corresponding $y_1,y_2,...,y_r$ (except $y_j$)
- Set $C_{k,v}(y_1,y_2,...,y_r)=v$ and solve for $y_j$
- $y_j$ is the result of a public-key encryption, so use the private key to invert it: $x_j=g_j^{-1}(y_j)$
- Combining these, the ring signature of message m is the (2r + 1)-tuple $(P_1,P_2,...,P_r;v;x_1,x_2,...,x_r)$

Verifying the signature:

- Using the public keys $P_1,...,P_r$, compute $y_i=g_i(x_i)$ to obtain the encrypted values $y_1,...,y_r$
- Compute k = Hash(m)
- Check whether the equation $C_{k,v}(y_1,y_2,...,y_r)=v$ holds

The following describes the RSA-based scheme in detail.

For simplicity, all members' public keys share the same n, and $P_i$ denotes $(n, e_i)$.

1. Select the symmetric key: k = Hash(m);
2. Choose the initial value v uniformly at random;
3. The signer picks a uniformly random $x_i$ for each of the other ring members and computes $y_i=g_i(x_i)$; the function $g_i$ is a one-way trapdoor function, for example $g_i(x)=x^{e_i} \bmod n$;
4. Using the formula of the combining function $C_{k,v}$, compute the signer's own $y_j$, where $E_k(m) = m \oplus k$;
5. The signer uses the private key to solve $x_j=g_j^{-1}(y_j)$;
6. The signature on message m is $(P_1,P_2,...,P_r;v;x_1,x_2,...,x_r)$;
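
The generation and verification steps above, instantiated with RSA as a runnable sketch; this is an added example, not code from the original article, and the combining function $C_{k,v}(y_1,...,y_r)=E_k(y_r \oplus E_k(y_{r-1} \oplus \cdots E_k(y_1 \oplus v)))$ is taken from the Rivest-Shamir-Tauman paper because the article does not spell it out. Assumptions: constructed toy primes, a shared modulus as in the article (exposition only, since anyone holding one private exponent for a shared n can factor it), a SHA-256 Feistel permutation for $E_k$ in place of the article's XOR (with XOR, $C$ collapses to a plain XOR of its inputs), and the paper's extension of $g_i$ to a common 160-bit domain.

```python
import hashlib, secrets
# Constructed toy parameters (two Mersenne primes); far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)            # shared modulus n, as in the article
B, HALF = 160, 80                            # common block width in bits, 2**B > N
E_LIST = [19, 29, 37]                        # public exponents e_i (ring size r = 3)
D_LIST = [pow(e, -1, PHI) for e in E_LIST]   # private exponents d_i

def _h(*parts, bits):
    digest = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def E(k, x):
    # Keyed permutation on B-bit blocks: 4-round Feistel (assumed stand-in cipher).
    l, r = x >> HALF, x & (2**HALF - 1)
    for i in range(4):
        l, r = r, l ^ _h(k, i, r, bits=HALF)
    return (l << HALF) | r

def D(k, y):  # inverse of E: Feistel rounds undone in reverse order
    l, r = y >> HALF, y & (2**HALF - 1)
    for i in reversed(range(4)):
        l, r = r ^ _h(k, i, l, bits=HALF), l
    return (l << HALF) | r

def g(x, exp):
    # x -> x**exp mod N on each full block of N values; identity on the leftover top range.
    q, r = divmod(x, N)
    return q * N + pow(r, exp, N) if (q + 1) * N <= 2**B else x

def sign(m, j):
    # Member j closes the ring: everyone else gets a random x_i, y_j is solved for.
    k, v = _h(m, bits=B), secrets.randbits(B)
    xs = [secrets.randbits(B) for _ in E_LIST]
    ys = [g(x, e) for x, e in zip(xs, E_LIST)]
    fwd = back = v
    for y in ys[:j]:                   # walk forward from v up to the gap
        fwd = E(k, fwd ^ y)
    for y in reversed(ys[j + 1:]):     # walk backward from v down to the gap
        back = D(k, back) ^ y
    xs[j] = g(D(k, back) ^ fwd, D_LIST[j])   # x_j = g_j^{-1}(y_j), needs d_j
    return v, xs

def verify(m, sig):
    v, xs = sig
    k, z = _h(m, bits=B), v
    for x, e in zip(xs, E_LIST):
        z = E(k, z ^ g(x, e))
    return z == v                      # ring equation C_{k,v}(y_1..y_r) = v
```

A signature produced with any index j passes the same `verify`, which never takes j as input; that is the anonymity property in code form.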

For concrete project code, many open-source implementations can be found on GitHub.

The key point of a ring signature is that whoever knows the private key $sk_j$ can invert to obtain $x_j$, so that $y_1,y_2,...,y_r$ form a ring. It is as if the signer found a rope: the math guarantees that only someone holding a private key can join the two ends of the rope into a ring. Once the ring is formed, the joint leaves no trace, so the verifier cannot determine where the ring was closed.

Ring signatures achieve a certain degree of anonymity, but the real signer is still exposed within the ring. In the current public-chain market, compared with ring signatures, zero-knowledge proofs are still one of the best anonymity schemes.

BTW, there is also an interesting historical story about ring signatures that can be traced back to 17th-century France. According to legend, when the French ministers petitioned the king, they adopted this ring-style signing so that the king could not find out who had taken the lead: all the names were arranged in a circle, hiding their order, so the initiator could not be traced.

Link to the original text: https://mp.weixin.qq.com/s/Yg0Niv2Avf7Toj6rUPZP8Q

Copyright notice: this article was written by [blocksight]; please include the link to the original when reposting. Thank you. https://netfreeman.com/2021/05/20210531203242345i.html
