# Borromean Ring Signatures ∗

@inproceedings{Maxwell2015BorromeanRS, title={Borromean Ring Signatures ∗}, author={Gregory Maxwell and Andrew Poelstra}, year={2015} }

In 2002, Abe, Ohkubo, and Suzuki developed a new type of ring signature based on the discrete logarithm problem, which used a novel commitment structure to gain significant savings in size and verification time for ring signatures[AOS02]. Ring signatures are signatures using n verification keys which require knowledge of one of the corresponding secret keys. They can therefore be considered a signature of a disjunctive statement “I know x1 OR I know x2 OR . . . ”. We generalise their… Expand

#### 42 Citations

Ring Confidential Transactions

- Engineering, Computer Science
- Ledger
- 2016

A new type of ring signature, A Multilayered Linkable Spontaneous Anonymous Group signature is described which allows one to include a Pedersen Commitment in a ring signature and results in a digital currency with hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation. Expand

Bulletproofs : Efficient Range Proofs for Confidential Transactions

- 2017

We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs… Expand

Bulletproofs: Short Proofs for Confidential Transactions and More

- Computer Science
- 2018 IEEE Symposium on Security and Privacy (SP)
- 2018

We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs… Expand

A Simpler and Modular Construction of Linkable Ring Signature

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2020

SLRS is a simpler and modular construction of linkable ring signature scheme, which only use standard ring signature as component, without any additional one-time signatures or zeroknowledge proofs, and is more efficient than existing schemes in both generation and verification. Expand

Zero to Monero : First Edition a

- 2018

Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic. In fact, many kinds of cryptography are simple enough that… Expand

A simpler construction of traceable and linkable ring signature scheme

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

Traceable and linkable ring signature scheme (TLRS) plays a major role in the construction of auditable privacy-preserving blockchains, as it empowers the auditor with traceability of signers’… Expand

How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies

- Computer Science
- 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
- 2018

This work proposes a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set, and describes the construction as a recoverable sampling scheme. Expand

Signatures from Sequential-OR Proofs

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2020

The common technique to build OR-proofs is based on an approach introduced by Cramer, Damgard, and Schoenmakers, where the prover splits the verifier’s challenge into random shares and computes proofs for each statement in parallel. Expand

One-Time , Zero-Sum Ring Signature

- 2015

Is Bitcoin a currency? The jurisdictions of institutions all over the world have culminated in everything but a unanimous decision. In practice, Bitcoin offers the majority of features present in… Expand

MiniLedger: Compact-sized Anonymous and Auditable Distributed Payments

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2021

This work presents MiniLedger, a distributed payment system which not only guarantees the privacy of transactions, but also offers built-in functionalities for various types of audits by any external authority and provides formal security definitions and a number of extensions for various auditing levels. Expand

#### References

SHOWING 1-9 OF 9 REFERENCES

How to Leak a Secret

- Computer Science
- ASIACRYPT
- 2001

A new construction of ring signatures is proposed, which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption. Expand

1-out-of-n Signatures from a Variety of Keys

- Mathematics, Computer Science
- IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2004

A widely applicable method to construct a 1-out-of-n signature scheme that allows mixture use of different flavors of keys at the same time and is more efficient than previous schemes even if it is used only with a single type of keys. Expand

Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols

- Mathematics, Computer Science
- CRYPTO
- 1994

This work shows how to transform P into a witness indistinguishable protocol, in which the prover demonstrates knowledge of the solution to some subset of n problem instances out of a collection of subsets denned by S. Expand

Chameleon Hashing and Signatures

- Computer Science
- IACR Cryptol. ePrint Arch.
- 1998

We introduce chameleon signatures that provide with an undeniable commitment of the signer to the contents of the signed document (as regular digital signatures do) but, at the same time, do not… Expand

Generalized Secret Sharing and Monotone Functions

- Mathematics, Computer Science
- CRYPTO
- 1988

This paper will present general methods for constructing secret sharing schemes for any given secret sharing function using the set of monotone functions and tools developed for simplifying the latter set can be applied equally well to the former set. Expand

Random oracles are practical: a paradigm for designing efficient protocols

- Computer Science
- CCS '93
- 1993

It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. Expand

How to Prove Yourself: Practical Solutions to Identification and Signature Problems

- Computer Science
- CRYPTO
- 1986

Simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys are described. Expand

Efficient Identification and Signatures for Smart Cards

- Computer Science
- CRYPTO
- 1989

We present an efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards. Previous… Expand