This Article 
 Bibliographic References 
 Add to: 
Cryptanalysis of a Generalized Ring Signature Scheme
April-June 2009 (vol. 6 no. 2)
pp. 149-151
Huaqun Wang, Dalian Fisheries University, Dalian
Futai Zhang, College of Mathematics and Computer Science, Nanjing
Yanfei Sun, Nanjing University of Posts and Telecommunications, Nanjing
The concept of ring signature was first introduced by Rivest et al. in 2001. In a ring signature, instead of revealing the actual identity of the message signer, it specifies a set of possible signers. The verifier can be convinced that the signature was indeed generated by one of the ring members; however, the verifier is unable to tell which member actually produced the signature. A convertible ring signature scheme allows the real signer to convert a ring signature into an ordinary signature by revealing secret information about the ring signature. Thus, the real signer can prove the ownership of a ring signature if necessary, and the the other members in the ring cannot prove the ownership of a ring signature. Based on the original ElGamal signature scheme, a generalized ring signature scheme was proposed for the first time in 2008. The proposed ring signature can achieve unconditional signer ambiguity and is secure against adaptive chosen-message attack in the random oracle model. By comparing to ring signatures based on RSA algorithm, the authors claimed that the proposed generalized ring signature scheme is convertible. It enables the actual message signer to prove to a verifier that only she is capable of generating the ring signature. Through cryptanalysis, we show that the convertibility of the generalized ring signature scheme cannot be satisfied. Everyone in the ring signature has the ability to claim that she generates the generalized ring signature.

[1] R.L. Rivest, A. Shamir, and Y. Tauman, “How to Leak a Secret,” Proc. Seventh Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology-Asiacrypt 2001, C. Boyd, ed., pp.552-565, 2001.
[2] M. Abe, M. Ohkubo, and K. Suzuki, “1-Out-of-n Signatures from a Variety of Keys,” Proc. Eighth Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology-Asiacrypt 2002, Y. Zheng, ed., pp.415-432, 2002.
[3] S.M. Sherman, W.C. Richard, C.K. Lucas, and S.M. Yiu, “Identity Based Ring Signature: Why, How and What Next,” Proc. Second European PKI Workshop (EuroPki '05), C. David and Z. Gansen, eds., pp.144-161, 2005.
[4] X. Boyen, “Mesh Signatures: How to Leak a Secret with Unwitting and Unwilling Participants,” Advances in Cryptology-Eurocrypt 2007, M.Naor, ed., vol.4515, pp.210-217, Springer Berlin/Heidelberg 2007.
[5] E. Fujisaki and K. Suzuki, “Traceable Ring Signature,” Proc. Int'l Conf. Public Key Cryptography—(PKC '07), O. Tatsuaki and W. Xiaoyun, eds., vol.4450, pp.181-200, 2007.
[6] J. Herranz and G. Saez, “Distributed Ring Signatures from General Dual Access Structures,” Designs, Codes and Cryptography, vol. 40, no. 1, pp.103-120, 2006.
[7] Y. Komano, K. Ohta, A. Shimbo, and S. Kawamura, “Toward the Fair Anonymous Signatures: Deniable Ring Signatures,” Proc. Topics in Cryptology—The Cryptographers Traet at the RSA Conf. (CT-RSA '06), D.Pointcheval, ed., pp. 174-191, 2006.
[8] K.C. Lee, H.A. Wen, and T. Hwang, “Convertible Ring Signature,” IEEE Proc.—Comm., vol. 152, no. 4, pp.411-414, 2005.
[9] C.H. Wang and C.Y. Liu, “A New Ring Signature Scheme with Signer-Admission Property,” Information Sciences, vol. 177, no. 3, pp.747-754, 2007.
[10] W. Gao, G. Wang, X. Wang, and D. Xie, “Controllable Ring Signatures,” Proc. Seventh Int'l Workshop Information Security Applications (WISA '06), J.Lee, O. Yi, and M. Yung, eds., vol.4298, pp.1-14, 2006.
[11] F. Zhang and K. Kim, “ID-Based Blind Signature and Ring Signature from Pairings,” Proc. Eighth Int'l Conf. Theory and Application of Cryptology and Information Security: Advances in Cryptology, Y. Zheng, ed., pp.533-547, 2002.
[12] J. Xu, Z. Zhang, and D. Feng, “A Ring Signature Scheme Using Bilinear Pairings,” Proc. Fifth Int'l Workshop Information Security Applications (WISA'04), C.H. Lim and M. Yung, eds., pp.163-172, 2005.
[13] C.Y. Lin and T.C. Wu, “An Identity-Based Ring Signature Scheme from Bilinear Pairings,” Proc. 18th Int'l Conf. Advanced Information Networking and Applications (AINA '04), vol. 1, pp.182-185, 2004.
[14] C. Gamage, B. Gras, B. Crispo, and A.S. Tanenbaum, “An Identity-Based Ring Signature Scheme with Enhanced Privacy,” Proc. Securecomm. and Workshops, pp.1-5, Aug./Sept. 2006.
[15] A. Bender, J. Katz, and R. Morselli, “Ring Signatures: Stronger Definitions, and Constructions without Random Oracles,” Theory of Cryptology, vol. 3876, pp. 60-79. Springer Berlin/Heidelberg, 2006.
[16] J. Li, X. Chen, T.H. Yuen, and Y. Wang, “Proxy Ring Signature: Formal Definitions, Efficient Construction and New Variant,” Proc. 2006 Int'l Conf. Computational Intelligence and Security (CIS '06), vol. 4456, pp.545-555, 2006.
[17] J.K. Liu and D.S. Wong, “On the Security Models of (Threshold) Ring Signature Schemes,” Proc. Int'l Conf. Information Security and Cryptology (ICISC '04), vol. 3506, pp.204-217, 2004.
[18] J. Herranz and G. Saez, “Forking Lemmas in the Ring Signatures Scenario,” Technical Report 067, Int'l Assoc. Cryptologic Research, http://eprint.iacr. org/, 2003.
[19] R.L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Comm. ACM, vol. 21, no. 2, pp.120-126, Feb. 1978.
[20] J. Herranz, “Identity-Based Ring Signatures from RSA,” Theoretical Computer Science, vol. 389, nos.1/2, pp.100-117, Dec. 2007.
[21] T.A. ElGamal, “A Public-Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms,” IEEE Trans. Information Theory, vol. 31, no. 4, pp.469-472, Jul. 1985.
[22] L. Harn and Y. Xu, “Design of Generalised ElGamal Type Digital Signature Schemes Based on Discrete Logarithm,” Electronica Letters, vol. 30, no. 24, pp.2025-2026, Nov. 1994.
[23] J. Ren and L. Harn, “Generalized Ring Signatures,” IEEE Trans. Dependable and Secure Computing, vol. 5, no. 3, pp.155-163, July-Sept. 2008.
[24] S. Goldwasser, S. Micali, and R.L. Rivest, “A Digital Signature Scheme Secure against Adaptive Chosen-Message Attacks,” SIAM J. Computing, vol. 17, no. 2, pp.281-308, 1988.

Index Terms:
Ring signature, ElGamal signature, convertibility, anonymity, discrete logarithm.
Huaqun Wang, Futai Zhang, Yanfei Sun, "Cryptanalysis of a Generalized Ring Signature Scheme," IEEE Transactions on Dependable and Secure Computing, vol. 6, no. 2, pp. 149-151, April-June 2009, doi:10.1109/TDSC.2009.13
Usage of this product signifies your acceptance of the Terms of Use.