Corpus ID: 16289588

Borromean Ring Signatures ∗

  title={Borromean Ring Signatures ∗},
  author={Gregory Maxwell and Andrew Poelstra},
In 2002, Abe, Ohkubo, and Suzuki developed a new type of ring signature based on the discrete logarithm problem, which used a novel commitment structure to gain significant savings in size and verification time for ring signatures[AOS02]. Ring signatures are signatures using n verification keys which require knowledge of one of the corresponding secret keys. They can therefore be considered a signature of a disjunctive statement “I know x1 OR I know x2 OR . . . ”. We generalise their… Expand

Figures from this paper

Ring Confidential Transactions
A new type of ring signature, A Multilayered Linkable Spontaneous Anonymous Group signature is described which allows one to include a Pedersen Commitment in a ring signature and results in a digital currency with hidden amounts, origins and destinations of transactions with reasonable efficiency and verifiable, trustless coin generation. Expand
Bulletproofs : Efficient Range Proofs for Confidential Transactions
We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. BulletproofsExpand
Bulletproofs: Short Proofs for Confidential Transactions and More
We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. BulletproofsExpand
A Simpler and Modular Construction of Linkable Ring Signature
SLRS is a simpler and modular construction of linkable ring signature scheme, which only use standard ring signature as component, without any additional one-time signatures or zeroknowledge proofs, and is more efficient than existing schemes in both generation and verification. Expand
Zero to Monero : First Edition a
Cryptography. It may seem like only mathematicians and computer scientists have access to this obscure, esoteric, powerful, elegant topic. In fact, many kinds of cryptography are simple enough thatExpand
A simpler construction of traceable and linkable ring signature scheme
Traceable and linkable ring signature scheme (TLRS) plays a major role in the construction of auditable privacy-preserving blockchains, as it empowers the auditor with traceability of signers’Expand
How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies
  • A. Chator, Matthew Green
  • Computer Science
  • 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
  • 2018
This work proposes a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set, and describes the construction as a recoverable sampling scheme. Expand
Signatures from Sequential-OR Proofs
The common technique to build OR-proofs is based on an approach introduced by Cramer, Damgard, and Schoenmakers, where the prover splits the verifier’s challenge into random shares and computes proofs for each statement in parallel. Expand
One-Time , Zero-Sum Ring Signature
Is Bitcoin a currency? The jurisdictions of institutions all over the world have culminated in everything but a unanimous decision. In practice, Bitcoin offers the majority of features present inExpand
MiniLedger: Compact-sized Anonymous and Auditable Distributed Payments
This work presents MiniLedger, a distributed payment system which not only guarantees the privacy of transactions, but also offers built-in functionalities for various types of audits by any external authority and provides formal security definitions and a number of extensions for various auditing levels. Expand


How to Leak a Secret
A new construction of ring signatures is proposed, which is unconditionally signer-ambiguous, provably secure in the random oracle model, and exceptionally efficient: adding each ring member increases the cost of signing or verifying by a single modular multiplication and a single symmetric encryption. Expand
1-out-of-n Signatures from a Variety of Keys
A widely applicable method to construct a 1-out-of-n signature scheme that allows mixture use of different flavors of keys at the same time and is more efficient than previous schemes even if it is used only with a single type of keys. Expand
Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols
This work shows how to transform P into a witness indistinguishable protocol, in which the prover demonstrates knowledge of the solution to some subset of n problem instances out of a collection of subsets denned by S. Expand
Chameleon Hashing and Signatures
We introduce chameleon signatures that provide with an undeniable commitment of the signer to the contents of the signed document (as regular digital signatures do) but, at the same time, do notExpand
Generalized Secret Sharing and Monotone Functions
This paper will present general methods for constructing secret sharing schemes for any given secret sharing function using the set of monotone functions and tools developed for simplifying the latter set can be applied equally well to the former set. Expand
Random oracles are practical: a paradigm for designing efficient protocols
It is argued that the random oracles model—where all parties have access to a public random oracle—provides a bridge between cryptographic theory and cryptographic practice, and yields protocols much more efficient than standard ones while retaining many of the advantages of provable security. Expand
How to Prove Yourself: Practical Solutions to Identification and Signature Problems
Simple identification and signature schemes which enable any user to prove his identity and the authenticity of his messages to any other user without shared or public keys are described. Expand
Efficient Identification and Signatures for Smart Cards
We present an efficient interactive identification scheme and a related signature scheme that are based on discrete logarithms and which are particularly suited for smart cards. PreviousExpand
Plato's Theory of Ideas.