• Corpus ID: 16289588

Borromean Ring Signatures ∗

  title={Borromean Ring Signatures ∗},
  author={Gregory Maxwell and Andrew Poelstra},
In 2002, Abe, Ohkubo, and Suzuki developed a new type of ring signature based on the discrete logarithm problem, which used a novel commitment structure to gain significant savings in size and verification time for ring signatures[AOS02]. Ring signatures are signatures using n verification keys which require knowledge of one of the corresponding secret keys. They can therefore be considered a signature of a disjunctive statement “I know x1 OR I know x2 OR . . . ”. We generalise their… 

Figures from this paper

Ring Confidential Transactions
A new type of ring signature, A Multilayered Linkable Spontaneous Anonymous Group signature is described which allows one to include a Pedersen Commitment in a ring signature and results in a digital currency with hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation.
Bulletproofs : Efficient Range Proofs for Confidential Transactions
Bulletproofs is a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup, which greatly improves on the linear range proofs currently used to implement Confidential Transactions in Bitcoin and other cryptocurrencies.
Zero to Monero : First Edition a
Anyone who knows basic algebra and simple computer science concepts like the ‘bit representation’ of a number is taught not only how Monero works at a deep and comprehensive level, but also how useful and beautiful cryptography can be.
A simpler construction of traceable and linkable ring signature scheme
Traceable and linkable ring signature scheme (TLRS) plays a major role in the construction of auditable privacy-preserving blockchains, as it empowers the auditor with traceability of signers’
How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies
  • Alishah ChatorM. Green
  • Computer Science, Mathematics
    2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
  • 2018
This work proposes a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set, and describes the construction as a recoverable sampling scheme.
Signatures from Sequential-OR Proofs
The common technique to build OR-proofs is based on an approach introduced by Cramer, Damgard, and Schoenmakers, where the prover splits the verifier’s challenge into random shares and computes proofs for each statement in parallel.
One-Time , Zero-Sum Ring Signature
A new ring signature construction is proposed, called a One-Time, Zero-Sum Ring Signature (OZRS), that proves the output amount is zero sum when using CryptoNote’s ring signatures, but the signer has no control over the blinding factors of other inputs.
MiniLedger: Compact-sized Anonymous and Auditable Distributed Payments
This work presents MiniLedger, a distributed payment system which not only guarantees the privacy of transactions, but also offers built-in functionalities for various types of audits by any external authority and provides formal security definitions and a number of extensions for various auditing levels.
Switch Commitments: A Safety Switch for Confidential Transactions
Cryptographic agility is the ability to switch to larger cryptographic parameters or different algorithms in the case of security doubts, which is inherently difficult to achieve in cryptocurrencies due to their permanent state in the blockchain.
Confidential Assets
This paper describes a scheme, confidential transactions, which blinds the amounts of all UTXOs, while preserving public verifiability that no transaction creates or destroys coins, improving privacy and fungibility without a trusted setup or exotic cryptographic assumptions.


How to Leak a Secret
A new construction of ring signatures is proposed, which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption.
1-out-of-n Signatures from a Variety of Keys
A widely applicable method to construct a 1-out-of-n signature scheme that allows mixture use of different flavors of keys at the same time and is more efficient than previous schemes even if it is used only with a single type of keys.
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
This work shows how to transform P into a witness indistinguishable protocol, in which the prover demonstrates knowledge of the solution to some subset of n problem instances out of a collection of subsets denned by S.
Chameleon Hashing and Signatures
We introduce chameleon signatures that provide with an undeniable commitment of the signer to the contents of the signed document (as regular digital signatures do) but, at the same time, do not
How to Prove Yourself: Practical Solutions to Identification and Signature Problems
Simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys are described.
Efficient Identification and Signatures for Smart Cards
We present an efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards. Previous
Generalized Secret Sharing and Monotone Functions
This paper will present general methods for constructing secret sharing schemes for any given secret sharing function using the set of monotone functions and tools developed for simplifying the latter set can be applied equally well to the former set.
Random oracles are practical: a paradigm for designing efficient protocols
It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.