Abstract
A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer must be involved in opening the signer's anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and claimed that their scheme satisfies the following security requirements: anonymity, traceability and non-frameability. In this work, we demonstrate that their scheme does not satisfy the latter two requirements. Specifically, we show that: (1) a malicious signer can produce a valid ring signature that violates traceability; (2) a malicious signer can also generate a valid ring signature that breaks non-frameability. Our attacks are simple and efficient, with success probability close to 1. We then give a simple countermeasure to thwart the attack in (2). Preventing our attack in (1) is non-trivial, but we point out that a deniable ring signature scheme without the traceability property can still find applications in some specific situations.
Notes
Recall that the ring signature generated by the honest user 3 will contain a term \(A'=h_{{\hat{b}}'}(\hat{s_3})-H_1(3\Vert \hat{a_3})\cdot S\); then, the pair \(\big ({\hat{b}}',~A'+H_1(3\Vert \hat{a_3})\cdot S\big )\) is exactly what we need.
Note that in the original (N)DRS schemes, the real signer can be detected by any verifier when other ring members are required to confirm or disavow their part in the signature.
References
Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret: theory and applications of ring signatures. Theor. Comput. Sci. Essays Mem Shimon Even 3895(23), 164–186 (2006). https://doi.org/10.1007/11685654_7
Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in ad hoc groups. In: Christian, C., Camenisch, J.L. (eds.) EUROCRYPT’04—Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, Lecture Notes in Computer Science, vol. 3027, pp. 609–626. Springer, Berlin (2004). https://doi.org/10.1007/978-3-540-24676-3_36. http://link.springer.com/chapter/10.1007/978-3-540-24676-3_36
Naor, M.: Deniable ring authentication. In: Yung, M. (ed.) CRYPTO’02–Proceedings of 22nd Annual International Cryptology Conference, Lecture Notes in Computer Science, vol. 2442, pp. 481–498. Springer, Berlin (2002). https://doi.org/10.1007/3-540-45708-9_31. http://link.springer.com/chapter/10.1007/3-540-45708-9_31
Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) Advances in Cryptology—EUROCRYPT 1991, pp. 257–265. Springer, Berlin (1991). https://doi.org/10.1007/3-540-46416-6_22
Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) Advances in Cryptology—EUROCRYPT 2003, pp. 614–629. Springer, Berlin (2003). https://doi.org/10.1007/3-540-39200-9_38
Boyen, X., Waters, B.: Compact group signatures without random oracles. In: Vaudenay, S. (ed.) Advances in Cryptology—EUROCRYPT 2006, pp. 427–444. Springer, Berlin (2006). https://doi.org/10.1007/11761679_26
Groth, J.: Fully anonymous group signatures without random oracles. In: Kurosawa, K. (ed.) Advances in Cryptology—ASIACRYPT 2007, pp. 164–180. Springer, Berlin (2007). https://doi.org/10.1007/978-3-540-76900-2_10
Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.S. (eds.) Advances in Cryptology, EUROCRYPT 2016, pp. 1–31. Springer, Berlin (2016). https://doi.org/10.1007/978-3-662-49896-5_1
Komano, Y., Ohta, K., Shimbo, A., Kawamura, S.: Toward the fair anonymous signatures: deniable ring signatures. In: Pointcheval, D. (ed.) CT-RSA 2006—Topics in Cryptology, pp. 174–191. Springer, Berlin (2006). https://doi.org/10.1007/11605805_12
Gao, W., Chen, L., Hu, Y., Newton, C., Wang, B., Chen, J.: Lattice-based deniable ring signatures. Int. J. Inf. Secur. (2018). https://doi.org/10.1007/s10207-018-0417-1
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26(5), 1484–1509 (1997). https://doi.org/10.1137/S0097539795293172
Aguilar-Melchor, C., Bettaieb, S., Boyen, X., Fousse, L., Gaborit, P.: Adapting Lyubashevsky’s signature schemes to the ring signature setting. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013–Progress in Cryptology: 6th International Conference on Cryptology in Africa, pp. 1–25. Springer, Berlin (2013). https://doi.org/10.1007/978-3-642-38553-7_1
Lyubashevsky, V.: Fiat-Shamir with aborts: applications to lattice and factoring-based signatures. In: Matsui, M. (ed.) ASIACRYPT 2009—Advances in Cryptology: 15th International Conference on the Theory and Application of Cryptology and Information Security, pp. 598–616. Springer, Berlin (2009). https://doi.org/10.1007/978-3-642-10366-7_35
Brakerski, Z., Kalai, Y.T.: A framework for efficient signatures, ring signatures and identity-based encryption in the standard model. Cryptology Eprint Archive, Report 2010/086 (2010). http://eprint.iacr.org/2010/086
Wang, F., Hu, Y., Wang, C.: A lattice-based ring signature scheme from bonsai trees. J. Electron. Inf. Technol. 32(10), 2400 (2010). https://doi.org/10.3724/SP.J.1146.2009.01491
Funding
Funding was provided by the National Key R&D Program of China (Grant No. 2017YFB0802000), the Foundation of National Natural Science of China (Grant Nos. 61802075, 61802241, 61672412, 61772147, U19B2021, U1736111), the National Cryptography Development Fund (Grant Nos. MMJJ20170104, MMJJ20170117, MMJJ20180111), the Guangdong Province Natural Science Foundation of Major Basic Research and Cultivation Project (Grant No. 2015A030308016), the Project of Ordinary University Innovation Team Construction of Guangdong Province (Grant No. 2015KCXTD014), the Collaborative Innovation Major Projects of Bureau of Education of Guangzhou City (Grant No. 1201610005) and the National Natural Science Foundation of Shaanxi Province (Grant No. 2020ZDLGY08-04).
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Human participants or animals performed
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Jia, H., Tang, C. Cryptanalysis of a non-interactive deniable ring signature scheme. Int. J. Inf. Secur. 20, 103–112 (2021). https://doi.org/10.1007/s10207-020-00497-5
DOI: https://doi.org/10.1007/s10207-020-00497-5