Compact ring signature in the standard model for blockchain

Abstract

Ring signature is a variant of digital signature, which makes any member in a group generate signatures representing this group with anonymity and unforgeability. In recent years, ring signatures have been employed as a kind of anonymity technology in the blockchain-based cryptocurrency such as Monero. Recently Malavolta et al. introduced a novel ring signature protocol that has anonymity and unforgeability in the standard model [33]. Their construction paradigm is based on non-interactive zero-knowledge (NIZK) arguments of knowledge and re-randomizable keys. In this work, for the purpose of lower bandwidth cost in blockchain, we improve their ring signature by proposing a compact NIZK argument of knowledge. We show our NIZK holds under a new complexity assumption Compact Linear Knowledge of Exponent Assumption. Without the expense of security, our proposed ring signature scheme is anonymous and unforgeable in the standard model. It saves almost half of storage space of signature, and reduces almost half of pairing computations in verification process. When the ring size is large, the effect of our improvements is obvious.