Ring signature schemes for general ad-hoc access structures

Abstract

In a ring signature scheme for ad-hoc access structures, members of a set can freely choose a family of sets including their own set. Then they use their secret keys and the public keys of the other users to compute a signature which enjoys two properties: the external verifier is convinced that all members of some set in the access structure have cooperated to compute the signature; but he has no information about which is the set whose members have actually signed the message. In this work we propose such a scheme, based on the ideas of a ring signature scheme for discrete logarithm scenarios. The scheme allows the choice of any general access structure, not only threshold ones, as it happened with previous constructions. We prove that the resulting scheme is anonymous and existentially unforgeable under chosen message attacks, assuming that the Discrete Logarithm problem is hard to solve. © Springer-Verlag Berlin Heidelberg 2005.