[messaging] Ring signature implementations?

David Leon Gil coruus at gmail.com
Sun Jun 15 19:40:36 PDT 2014


Is anyone aware of any implementation of EC ring signatures *not* using pairing-based crypto? (If not, does anyone have any good ideas on the strategy to pursue in, e.g., Ed25519?)


(I know that the original RST ("How to leak a secret") ring signature scheme has been shown insecure if public keys in the ring are been adversarially chosen. Though the citation is eluding me after several searches, I believe there is a scheme using ZAPs to fix this.)


- David
—
Sent using alpine: an Alternatively Licensed Program for Internet News and Email
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140615/91ef79cc/attachment.html>


More information about the Messaging mailing list