blocksight 2021-06-18 05:23:19 阅读数:176

本文一共[544]字，预计阅读时长:1分钟~

ring
signature
blockchain

In the last introduction Blind signature principle , A friend added that blind signature is currently used in electronic signature occasions .

Today, I will continue to talk about another variant of signature scheme -- Ring signature , Right now in privacy Monero There are applications in the project .

Ring signature allows a signer to sign on behalf of a signature set , At the same time, the anonymity of the signer's identity is guaranteed , The signer does not need the help of other members in the collection when signing （ Collaboration ）, Even without other members knowing , You only need to use your own private key and the public key of other members . The difference in verifying a signature is , Only verifiable signatures from group members , But there's no way to distinguish a particular member .

Ring signature technology is developed by Ron Rivest, Adi Shamir, and Yael Tauman Invented , On 2001 Published . Ring signature is named after its ring structure signature algorithm .

Ring signature is a special kind of signature , About group signature , No expansion , If you are interested, please refer to .

Ring signature satisfies the property ：

1. Unconditional anonymity : The attacker cannot determine which member of the group generated the signature , Even if the ring member's private key is obtained , The probability is no more than 1/r【r Is the number of members in the group 】.

2. Unforgeability : Other members of the group cannot forge the signature of the real signer , Even if the attacker obtains a valid ring signature , And not for news m Forge a signature .

Other properties , Such as correctness is obvious .

Sign contract : Select hash function Hash, Symmetric encryption algorithm E, secret key k, Message to be signed m, Group member public key $（P_1,P_2,...,P_r）$, The first j Members are real signers ,

Signature generation process ：

- Make k = hash ( m ),k As a symmetric encryption function E The key of
- Choose random values v
- Random selection r-1 It's worth ${x_1,x_2,x_4,...x_r}$, And calculate $y_i=g_i(x_i)$, The corresponding ${y_1,y_2,...,y_r} $（ except $y_j$）
- Make $C_{k,v}=(y_1,y_2,...,y_r)=v$ , To calculate the $y_j$
- $y_j$ Public key encryption gets , Using the private key to reverse compute $x_j=g_j^1(y_j)$
- Combined message m Ring signature of , It's a 2r + 1 Tuples $（P_1,P_2,...,P_r;v;x_1,x_2,...x_r）$ ,

Verify the signature ：

- Through the public key $P_1,...,P_r$, Calculation $y_i=g_i(x_i)$, Encrypted to get $y_1,...,y_r$
- Calculation k = Hash ( M ),
- Verify the equation $C_{k,v}(y_1,y_2,...,y_r)=v$ Is it true

The following is a detailed introduction to RSA A combined solution ！

Simplicity , All member public keys have the same n,$P_i$ representative $（n, e_i）$

- Select symmetric key ：k = hash(m);
- Randomly and evenly select the initial value v;
- The signers are other ring members with uniform random $x_i$, And calculate $y_i=g_i(x_i)$; function gi One way trapdoor function , May make $g_i(x)=x^{e_i}\ mod\ n$
- According to the combination function C(k,v) Formula , Calculate your own $y_{j'}$, among $E_k(m) = m\ xor\ k$

5. The signer uses the private key to solve $x_j=g_j^1(y_j)$ ;

6. Get the news m The signature on is $（P_1,P_2,...,P_r;v;x_1,x_2,...x_r）$ ;

Specific project code , Can be found in GitHub Find a lot of open source implementations in .

The key point of ring signature is , If you know the private key $sk_j$, So we can reverse it $x_i$, send $y_1,y_2,...,y_r$ Form a ring . It's like the signer found a rope , The math guarantees that only people with private keys , To connect the two ends of the rope , Form a ring . And once it's a ring , There's no trace at the joint of the ring , This makes it impossible for the verifier to determine where the ring is connected .

Ring signature can achieve a certain degree of anonymity , But the real signer will still be exposed in the ring . And in the current public chain Market , Compared with ring signature , Zero knowledge proof is still one of the best anonymous schemes .

BTW, There is also an interesting historical story about ring signatures , It can be traced back to France in the 17th century . According to legend , When the French ministers gave advice to the king , In order not to let the king find out who had the head , This kind of ring signature is adopted , The names of all the people are arranged in a circle , Hiding the order , There is no way for the initiators to investigate .

（ Picture source network ）

Link to the original text ：https://mp.weixin.qq.com/s/Yg0Niv2Avf7Toj6rUPZP8Q Welcome to the official account ：blocksight

Mathematics in blockchain - Blind signature （Blind Signature） Blind signature principle

Mathematics in blockchain - sigma agreement OR Proof& Signature sigma Protocol extension --OR proof

Mathematics in blockchain -sigma Deal with the Fiat-Shamir Transformation sigma Deal with the Fiat-Shamir Transformation

Mathematics in blockchain - What is zero knowledge proof ? What is zero knowledge proof

Mathematics in blockchain - RSA Non member proof of accumulator RSA Accumulator Non member proof and blockchain applications

Mathematics in blockchain - Accumulator( accumulator ) Accumulator and RSA Accumulator

Mathematics in blockchain - Kate promise batch opening Kate Promise volume Certification

Mathematics in blockchain - I promise Knowledge and commitment

Mathematics in blockchain - Pedersen Key sharing Pedersen Key sharing

Mathematics in blockchain - Pedersen promise Cryptography promises --Pedersen promise

Mathematics in blockchain - Inadvertently transmit Oblivious transport protocol

Mathematics in blockchain - RSA Algorithm encryption and decryption process and principle RSA Encryption and decryption algorithm

Mathematics in blockchain - BLS Threshold signature BLS m of n Threshold signature

Mathematics in blockchain - BLS Key aggregation BLS Key aggregation

Schorr Signature Basics Schorr Signature and elliptic curve

Mathematics in blockchain -Uniwap Automated market maker core algorithm analysis Uniwap Core algorithm analysis （ in ）

版权声明：本文为[blocksight]所创，转载请带上原文链接，感谢。 https://netfreeman.com/2021/05/20210531203242345i.html

- 币安将允许用户在电商平台Shopify和其他网络进行加密支付
- 趣币早报 | 美IRS在本财年查封12亿美元的加密货币
- Qu coin Morning Post - US IRS seized us $1.2 billion of cryptocurrency in this fiscal year
- Top Shot将在现场篮球比赛中出售独家NFT瞬间
- Top shot will sell exclusive NFT moments in live basketball games
- DAO理想有点早
- Dao ideal a little early
- 读懂NFT简史：从Crypto Kitties诞生到Axie Infinity爆发
- Read the brief history of NFT: from the birth of crypto kitties to the outbreak of axie infinity
- 隐私计算+区块链，助力数据可信治理实践
- Privacy computing + blockchain to help data trusted governance practice
- 区块链在各行业的一些应用示例
- 印度加密市场有多狂热？首设奥运加密奖励
- 美国SEC新主席还是加密行业“友军”吗？
- Consensys全景分析Q2：DeFi使用量、交易量大增，机构跑步入场
- dYdX之后，寻找下一个价值空投
- EIP-1559 升级近在咫尺 以太坊能否旧貌换新颜？
- 一文读懂全球加密市场监管具体政策及演变趋势
- 邹传伟：从用户需求深入分析 DeFi 的五个功能模块
- 《财富》眼里的NFT领域50大最有影响力的Ta
- 美国SEC主席：SEC需要对加密货币交易或出借平台拥有明确的权力
- 读懂a16z参投的ZED RUN：如何打造炫酷的NFT赛马游戏
- 一文读懂区块链预言机：为什么它这么重要
- 「传送」与「存在体验」：Facebook能否解决元宇宙的两项最基本的技术？
- a16z致美国政府公开信：加密网络可以修复现有系统
- Some application examples of blockchain in various industries
- How fanatical is India's encryption market? First Olympic encryption Award
- Is the new chairman of the SEC still a "friend" in the encryption industry?
- Consensys panoramic analysis Q2: the use and transaction volume of defi increased greatly, and the organization ran in
- After dydx, find the next value airdrop
- Eip-1559 upgrade is close at hand. Can Ethereum change its old appearance?
- Understand the specific policies and evolution trend of global encryption market supervision
- Zou Chuanwei: deeply analyze the five functional modules of defi from user needs
- Fortune's top 50 most influential TA in NFT field
- SEC Chairman: the SEC needs to have clear power over cryptocurrency trading or lending platforms
- Read a16z participating zed run: how to create a cool NFT horse racing game
- Read the blockchain Oracle: why is it so important
- "Delivery" and "existential experience": can Facebook solve the two most basic technologies of the metauniverse?
- A16z open letter to the U.S. government: encrypted networks can repair existing systems
- 以太坊伦敦硬分叉即将来袭 加密交易所又将如何部署？
- 美国加密税提案对比特币市场影响有限 它的实施仍有很长的路要
- Ethereum London hard bifurcation is coming, and how will the encryption exchange deploy?
- The US cryptotax proposal has limited impact on the bitcoin market, and its implementation still has a long way to go
- 路易威登推出主题纪念NFT游戏，抽明信片或赢得至少10ETH奖金（附参与教程）
- 加密游戏的突破之路
- Louis Vuitton launches themed commemorative NFT games, draws postcards or wins at least 10eth bonus (with participation tutorial)
- Breakthrough path of encryption game
- Burberry进军NFT 这个市场有何魔力？
- 猿猴头像会席卷推特:看看项目创始人怎么说
- SubQuery 联合 Acala，为 Polkadot 提供 DeFi 数据
- 为何 DeFi 可能比传统金融的风险更小
- What is the magic of Burberry's entry into the NFT market?
- Ape avatars will sweep Twitter: see what the project founders say
- Subquery cooperates with ACALA to provide defi data for Polkadot
- Why is defi less risky than traditional finance
- 梳理全球加密市场监管具体政策，了解未来演变趋势
- 加密货币会不会复苏：比特币未来走势如何
- Sort out the specific regulatory policies of the global encryption market and understand the future evolution trend
- Will cryptocurrency recover: what is the future trend of bitcoin
- Video: currency point interview Tesla price reduction and hot search