Multi Designated Verifier Ring Signatures
Authors: S. Kolby, E. Pagnin, S. Yakoubov
In: Communications in Cryptology, 2024
Full Text:
Abstract
We study signatures well suited for sensitive applications (e.g. whistle-blowing) where both the signer’s anonymity and deniability are important. Two independent lines of work have tackled these two goals: ring signatures ensure the signer’s anonymity (within a set of signers, called a ring), and — separately — multi-designated verifier signatures ensure that all the intended recipients agree on whether a signature is valid, while maintaining the signer’s deniability by preventing the intended recipients from convincing an outsider of the validity of the signature. In this paper, we introduce multi-designated verifier ring signatures (MDVRS), which simultaneously offer both signer anonymity and deniability. This makes MDVRS uniquely suited for sensitive scenarios. Following the blueprint of Damgård et al (TCC’20) for multi-designated verifier signatures, we introduce provably simulatable designated-verifier ring signatures (PSDVRS) as an intermediate building block which we then compile into an MDVRS. We instantiate PSDVRS in a concretely efficient way from discrete-logarithm-based sigma protocols, encryption and commitments.
Keywords: Ring Signatures, Designated Verifier, Anonymity.