# Borromean Ring Signatures ∗

@inproceedings{Maxwell2015BorromeanRS, title={Borromean Ring Signatures ∗}, author={Gregory Maxwell and Andrew Poelstra}, year={2015} }

In 2002, Abe, Ohkubo, and Suzuki developed a new type of ring signature based on the discrete logarithm problem, which used a novel commitment structure to gain significant savings in size and verification time for ring signatures[AOS02]. Ring signatures are signatures using n verification keys which require knowledge of one of the corresponding secret keys. They can therefore be considered a signature of a disjunctive statement “I know x1 OR I know x2 OR . . . ”. We generalise their…

## 43 Citations

Ring Confidential Transactions

- Computer Science, MathematicsLedger
- 2016

A new type of ring signature, A Multilayered Linkable Spontaneous Anonymous Group signature is described which allows one to include a Pedersen Commitment in a ring signature and results in a digital currency with hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation.

Bulletproofs : Efficient Range Proofs for Confidential Transactions

- Mathematics, Computer Science
- 2017

Bulletproofs is a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup, which greatly improves on the linear range proofs currently used to implement Confidential Transactions in Bitcoin and other cryptocurrencies.

Zero to Monero : First Edition a

- Computer Science, Mathematics
- 2018

Anyone who knows basic algebra and simple computer science concepts like the ‘bit representation’ of a number is taught not only how Monero works at a deep and comprehensive level, but also how useful and beautiful cryptography can be.

A simpler construction of traceable and linkable ring signature scheme

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

Traceable and linkable ring signature scheme (TLRS) plays a major role in the construction of auditable privacy-preserving blockchains, as it empowers the auditor with traceability of signers’…

How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies

- Computer Science, Mathematics2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
- 2018

This work proposes a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set, and describes the construction as a recoverable sampling scheme.

Signatures from Sequential-OR Proofs

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2020

The common technique to build OR-proofs is based on an approach introduced by Cramer, Damgard, and Schoenmakers, where the prover splits the verifier’s challenge into random shares and computes proofs for each statement in parallel.

One-Time , Zero-Sum Ring Signature

- Computer Science, Mathematics
- 2015

A new ring signature construction is proposed, called a One-Time, Zero-Sum Ring Signature (OZRS), that proves the output amount is zero sum when using CryptoNote’s ring signatures, but the signer has no control over the blinding factors of other inputs.

MiniLedger: Compact-sized Anonymous and Auditable Distributed Payments

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2021

This work presents MiniLedger, a distributed payment system which not only guarantees the privacy of transactions, but also offers built-in functionalities for various types of audits by any external authority and provides formal security definitions and a number of extensions for various auditing levels.

Switch Commitments: A Safety Switch for Confidential Transactions

- Computer Science, MathematicsFinancial Cryptography Workshops
- 2017

Cryptographic agility is the ability to switch to larger cryptographic parameters or different algorithms in the case of security doubts, which is inherently difficult to achieve in cryptocurrencies due to their permanent state in the blockchain.

Confidential Assets

- Computer ScienceFinancial Cryptography Workshops
- 2018

This paper describes a scheme, confidential transactions, which blinds the amounts of all UTXOs, while preserving public verifiability that no transaction creates or destroys coins, improving privacy and fungibility without a trusted setup or exotic cryptographic assumptions.

## References

SHOWING 1-8 OF 8 REFERENCES

How to Leak a Secret

- Computer Science, MathematicsASIACRYPT
- 2001

A new construction of ring signatures is proposed, which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption.

1-out-of-n Signatures from a Variety of Keys

- Computer Science, MathematicsIEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2004

A widely applicable method to construct a 1-out-of-n signature scheme that allows mixture use of different flavors of keys at the same time and is more efficient than previous schemes even if it is used only with a single type of keys.

Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols

- Computer Science, MathematicsCRYPTO
- 1994

This work shows how to transform P into a witness indistinguishable protocol, in which the prover demonstrates knowledge of the solution to some subset of n problem instances out of a collection of subsets denned by S.

Chameleon Hashing and Signatures

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 1998

We introduce chameleon signatures that provide with an undeniable commitment of the signer to the contents of the signed document (as regular digital signatures do) but, at the same time, do not…

How to Prove Yourself: Practical Solutions to Identification and Signature Problems

- Computer Science, MathematicsCRYPTO
- 1986

Simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys are described.

Efficient Identification and Signatures for Smart Cards

- Computer Science, MathematicsCRYPTO
- 1989

We present an efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards. Previous…

Generalized Secret Sharing and Monotone Functions

- Computer Science, MathematicsCRYPTO
- 1988

This paper will present general methods for constructing secret sharing schemes for any given secret sharing function using the set of monotone functions and tools developed for simplifying the latter set can be applied equally well to the former set.

Random oracles are practical: a paradigm for designing efficient protocols

- Computer Science, MathematicsCCS '93
- 1993

It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security.