PDF Archive

Easily share your PDF documents with your contacts, on the Web and Social Networks.

Share a file Manage my documents Convert Recover PDF Search Help Contact



Reduced Multilayer Linkable Spontaneous Anonymous Group Signatures v4.1 .pdf


Original filename: Reduced Multilayer Linkable Spontaneous Anonymous Group Signatures v4.1.pdf



Download original PDF file









Document preview


Reduced  Multilayer  Linkable  Spontaneous  Anonymous  Group  
Signatures  v4.1  (RMLSAG  v4.1)  
Based  on  Noether  in  Ring  Confidential  Transactions  (2015).  This  is  an  alternative  
generalization  of  Back’s  ring  signature  scheme  (bLSAG)  which  changes  multi-­‐input  
signature  size  from  m(n+1)+1  in  MLSAG  to  m2+n+1,  a  change  of  [(m-­‐1)(n-­‐m)]  *  32  
bytes  per  ring  signature  of  mixin  level  n-­‐1  and  m  inputs.  Size  is  reduced  when  n  >  m.  
Does  not  solve  index  problem  (attackers  know  all  real  inputs  share  the  same  index).  
Produces  (m2  -­‐  m)  extra  key  images  that  do  not  need  to  be  checked  against  the  
database.
Ring  R  containing  public  keys  {𝐾!,! }  for  i  ∈  {1,  2,  ...,  n}  and  j  ∈  {1,  2,  ...,  m}  for  which  
we  know  the  private  keys  {𝑘!,! }  corresponding  to  the  subset  {𝐾!,! }  for  some  secret  
index  π.  Hash  function  𝐻! 𝑥    returns  some  integer  in  {1,  2,  …,  l}  where  l  is  the  
(prime)  order  of  generator  G’s  subgroup  in  elliptic  curve  EC.  Hash  function  𝐻! 𝑥  
returns  a  point  in  that  subgroup.  Message  m  is  signed.
Signature  
1. Calculate  key  images  𝐾!,! = 𝑘!,! 𝐻! 𝐾!,!  for  all  a,  u  ∈  {1,  2,  ...,  m}.  
2. Generate  random  number  α  ∈R  Zl,  and  random  numbers  ri  ∈R  Zl  for  i  ∈  {1,  2,  ...,  n}  
(except  i  =  π)  
Define:  𝑣!  and  𝑤!  are  used  to  uniquely  anchor  each  key  image,  so  signers  are  forced  
to  report  all  real  key  images  to  pass  verification  
𝑣! = 𝐻! 𝐾!,! , … , 𝐾!,!
𝑤! = 𝐻! 𝐾!,! , … , 𝐾!,!

 
 

Define:  𝐿!  and  𝐹!  will  be  the  seed  terms  
𝐿! = 𝛼𝐺  
!

𝐹! = 𝛼

𝑤! 𝐻! 𝐾!,!

 

!!!

3. Compute  (seed  the  signature)    
cπ+1  =  Hq(m,  𝐿! ,  𝐹! )  
Define:  𝐿!  and  𝐹!  are  used  to  build  the  signature  after  it  is  seeded  
!

𝐿! = 𝑟! + 𝑐!
!

𝐹! = 𝑟! [

𝑣! 𝐾!,!  
!!!

!

!

𝑤! 𝐻! 𝐾!,! ]   +   𝑐! [
!!!

𝑣! 𝑤! 𝐾!,! ]  
!!! !!!

4. For  i  =  π+1,  π+2,  ...,  n,  1,  2,  ...,  π−1  calculate,  replacing  n+1→1,    
ci+1  =  Hn(m,  𝐿! ,  𝐹! )  
5. Define  rπ  such  that    
𝛼 = 𝑟! + 𝑐!

!
!!! 𝑣! 𝑘!,!  (mod  l)  

 
The  ring  signature  contains  the  signature  σ(m)  =  (c1,  r1,  ...,  rn,  𝐾 1,1,  ...,  𝐾 1,m  ,  𝐾 2,1,  
…,  𝐾 2,m  ,  …,  𝐾 m,m),  and  the  ring  R.  
Verification  
 
The  verification  of  a  signature  is  done  in  the  following  manner  
1. For  i  =  1,  ...,  n  compute,  replacing  n+1→1,  
c′i+1  =  Hn(m,  𝐿! ,  𝐹! )  
2. If  c′1  =  c1  then  the  signature  is  valid  


Reduced Multilayer Linkable Spontaneous Anonymous Group Signatures v4.1.pdf - page 1/2
Reduced Multilayer Linkable Spontaneous Anonymous Group Signatures v4.1.pdf - page 2/2

Related documents


untitled pdf document
research statement
moneroideaskoe020520
ijetr2278
ijetr2192
ijeee 10 14 hand vein structure authentication


Related keywords