Accountable Ring Signatures: A Smart Card Approach

Ring signatures are an important primitive for protecting signers’ privacy while ensuring that a signature in question is indeed issued by some qualified user. This notion can be seen as a generalization of the well-known notion of group signatures. A group signature is a signature such that a verifier can establish its validity but not the identity of the actual signer, who can nevertheless be identified by a designated entity called group manager. A ring signature is also a signature such that a verifier can establish its validity but not the identity of the actual signer, who indeed can never be identified by any party. An important advantage of ring signatures over group signatures is that there is no need to pre-specify rings or groups of users. In this paper, we argue that the lack of an accountability mechanism in ring signature schemes would result in severe consequences, and thus accountable ring signatures might be very useful. An accountable ring signature ensures the following: anyone can verify that the signature is generated by a user belonging to a set of possible signers that may be chosen on-the-fly, whereas the actual signer can nevertheless be identified by a designated trusted entity – a system-wide participant independent of any possible ring of users. Further, we present a system framework for accountable ring signatures. The framework is based on a compiler that transforms a traditional ring signature scheme into an accountable one. We also conduct a case study by elaborating on how a traditional ring signature scheme is transformed into an accountable one while assuming a weak trust model. 272 Shouhuai Xu and Moti Yung