[curves] EC ring signature schemes

Steve Weis steveweis at gmail.com
Mon Jun 16 10:51:53 PDT 2014

Unfortunately the only ring signature implementations I found on a
quick inspection are pairing-based. PBC has Zhang & Kim's "ID-Based
Blind Signature and ring from pairings" as an example:

J. Ayo Akinyele implemented a couple pairing-based schemes using the
CHARM library:

"X. Boyen. Mesh Signatures: How to Leak a Secret with Unwitting and
Unwilling Participants"
Paper: http://eprint.iacr.org/2007/094.pdf
Code: https://github.com/JHUISI/charm/blob/dev/charm/schemes/pksig/pksig_cyh.py

"S. Chow, S. Yiu and L. Hui - Efficient identity based ring signature."
Paper: https://eprint.iacr.org/2004/327.pdf
Code: https://github.com/JHUISI/charm/blob/dev/charm/schemes/pksig/pksig_boyen.py

I also think there have been pairing-based ring signature
implementations using the RELIC toolkit, but I didn't see any code
online. Here's the toolkit though:

On Mon, Jun 16, 2014 at 7:02 AM, David Leon Gil <coruus at gmail.com> wrote:
> Is anyone aware of any implementation of EC ring signatures *not* using pairing-based crypto? (If not, does anyone have any good ideas on the strategy to pursue in, e.g., Ed25519?)
> (I know that the original RST ("How to leak a secret") scheme has been shown insecure if public keys in the ring are been adversarially chosen. Though the citation is eluding me after several searches, I believe there is a scheme using ZAPs to fix this.)
> - David
> (PS If you are also on Messaging, apologies for the duplication; I mistakenly posted this there originally.)
>> Sent using alpine: an Alternatively Licensed Program for Internet News and Email
> _______________________________________________
> Curves mailing list
> Curves at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/curves

More information about the Curves mailing list