Threshold discernible ring signatures

Abstract

A ring signature [1] demonstrates that the signer who produced it is among a group A of n people, called a ring. A signer may produce a ring signature on any ring A he is part of, arbitrarily without any setup procedure or the consent of anyone in A. Several extensions of ring signatures have been proposed in literature. Step out ring signatures introduced in [2] address the issue of a ring member proving that she is not the original signer of a message, in case of dispute. First we show that the scheme in [2] has several flaws and design a correct scheme and prove formally the security of the same. Then we use the basic constructs of our scheme to design a protocol for a new problem, which we refer to as threshold discernible ring signatures. In threshold discernible ring signatures, a group B of t members can co-operate to identify the original signer of a ring signature that involved a group A of n alleged signers, where B A and n t. This is the first time that this problem is considered in the literature. We formally prove the security of our scheme in the random oracle model and propose various extensions. © 2012 Springer-Verlag.