Blog

Viewing posts from February, 2019

Ring signatures

Posted by: Adam Gibson | in Cryptography | 5 months ago | 0 comments

Outline:

  • Basic goal of 1-of-\(N\) ring signatures
  • Recap: the \(\Sigma\)-protocol
  • OR of \(\Sigma\)-protocols, CDS 1994
  • Abe-Ohkubo-Suzuki (AOS) 2002 (broken version)
  • Security weaknesses
  • Key prefixing
  • Borromean, Maxwell-Poelstra 2015
  • Linkability and exculpability
  • AND of \(\Sigma\)-protocols, DLEQ
  • Liu-Wei-Wong 2004
  • Security arguments for the LWW LSAG
  • Back 2015; compression, single-use
  • Fujisaki-Suzuki 2007 and Cryptonote 2014
  • Monero MLSAG

Basic goal of 1-of-\(N\) ring signatures

The idea of a ring signature (the term itself is a bit sloppy in context, but let's stick with it for now) is simple enough:

Liars, cheats, scammers and the Schnorr signature

Posted by: Adam Gibson | in Cryptography | 5 months ago | 1 comment

How sure are you that the cryptography underlying Bitcoin is secure? With regard to one future development of Bitcoin's crypto, in discussions in public fora, I have more than once confidently asserted "well, but the Schnorr signature has a security reduction to ECDLP". Three comments on that before we begin: