Abstract

Blockchain technology has been widely applied in numerous industries because of its decentralization, verifiability, distributivity, and immutability. However, the identity privacy of blockchain users faces serious threats because traditional blockchain transaction information is public. Moreover, many of the traditional cryptographic algorithms used by blockchain transaction networks cannot resist quantum computing attacks. In this paper, we propose a new lattice-based blind ring signature scheme for completely anonymous blockchain transaction systems. Here, the blind ring signature provides complete anonymity of user identity privacy in blockchain transactions, while lattice cryptography effectively resists quantum computing attacks. Firstly, the proposed signature scheme has strong computational security based on the small integer solution (SIS) problem and a high sampling success rate, obtained by rejection sampling from a bimodal Gaussian distribution. Secondly, the proposed scheme satisfies correctness and security under the random oracle model, including anonymity, blindness, and one-more unforgeability. Thirdly, we construct a blockchain transaction system based on the proposed blind ring signature algorithm, which provides complete anonymity and antiquantum computing security for the identity privacy of blockchain users. Finally, the performance evaluation results show that our proposed blind ring signature scheme has lower latency and a smaller key size and signature size than other similar schemes.

1. Introduction

Blockchain has gained much attention and is widely used in digital currency, medical, government services, and other applications; however, the security problems of blockchain have become increasingly prominent in recent years. As the data must be jointly maintained by every node in the blockchain distributed network, the transaction information must be public, which leads to the disclosure of personal identity privacy data. In many classical blockchain systems represented by Bitcoin [1], users utilize a string of numbers unrelated to their real identity information as the transaction address, which preliminarily realizes the anonymity of identity privacy. Unfortunately, because transactions in the Bitcoin network can be linked, attackers can discover users’ real identity information from their blockchain addresses [2, 3]. Therefore, to realize veritable anonymity of the users’ identity privacy, it is necessary to hide the relationship between users and their corresponding blockchain addresses.

The anonymity of identity information can be realized by ring signature and blind signature cryptographic algorithms. Ring signature, developed from group signature [4], was first proposed by Rivest [5] in 2001. In a ring signature scheme, multiple users spontaneously constitute a ring and then a member of the ring is chosen to sign the message. The signer uses his secret key and the ring public keys of all members to generate a legal and valid ring signature. The ring signature prevents the exposure of the actual signer and thereby protects the signer’s identity privacy. Another algorithm that can provide anonymity is the blind signature, which was first proposed by Chaum [6] in 1983. In a blind signature scheme, the signer signs the message without knowing the true content of the signed file. The sign holder sends the blinded message to the signer for signing. The blind signature guarantees that signers can hardly infer the sign holder’s real identity information from the blinded message, which effectively protects the sign holder’s identity privacy. In blockchain transaction networks, numerous anonymous transaction schemes are based on blind signatures or ring signatures [7–9]. However, a ring signature or a blind signature can only guarantee the anonymity of a single user participating in the blockchain transaction; neither can protect the identity privacy of both parties at the same time. To achieve complete anonymity of blockchain transaction users’ identity privacy, it is significant to establish a blind ring signature scheme suitable for completely anonymous blockchain transactions. In 2005, Chan et al. [10] first proposed a blind ring signature algorithm, and since then, numerous blind ring signature schemes have been designed [11–13].

The security of traditional signature algorithms depends on mathematical problems such as integer factorization, the discrete logarithm, and bilinear pairings. Unfortunately, quantum computing can easily solve these traditionally hard mathematical problems. Shor [14] proposed a quantum algorithm that makes RSA cryptography, elliptic curve cryptography, and cryptosystems based on bilinear pairings face serious security challenges. Grover [15] proposed a quantum search algorithm that provides a quadratic speedup for search problems, which seriously threatens the security of symmetric cryptography and hash functions. Therefore, finding a cryptosystem that can resist quantum computing attacks is a key research task.

Lattice cryptography is a kind of antiquantum computing cryptography with strong security and high computational efficiency, which is widely used in digital signature algorithm design and blockchain transaction networks. Gentry et al. [16] first designed a signature algorithm with lattice trapdoor sampling, whose security depends on the SIS problem. Lyubashevsky [17] proposed a signature scheme without trapdoor sampling, which uses rejection sampling to greatly improve the sampling efficiency. Ducas et al. [18] designed a new signature algorithm with lattice rejection sampling, which further improves the sampling success rate by sampling from a bimodal Gaussian distribution. In 2018, Gao et al. [19] first proposed a postquantum blockchain system, which integrated a lattice-based signature algorithm. In 2022, Zou et al. [20] proposed a lattice-based proxy signature scheme for anonymous blockchain-enabled electronic reporting systems, which not only realized the anonymity of user identity but also solved the problem of the untraceability of misbehaviors on the blockchain. Moreover, Rückert [21] proposed the first lattice-based blind signature algorithm. Li et al. [22] proposed a new lattice-based blind signature algorithm applied to blockchain anonymous transaction authentication. In addition, Melchor et al. [23] designed the first ring signature algorithm based on lattice cryptography. To further improve the sampling success rate, Wang et al. [24] designed a new ring signature algorithm using Lyubashevsky’s rejection sampling signature [17]. In 2019, Le et al. [25] designed the first blind ring signature algorithm based on the SIS problem with rejection sampling. Moreover, numerous lattice-based blind signature and ring signature schemes have been proposed [26, 27].

In this paper, we design a new lattice-based blind ring signature algorithm for the completely anonymous blockchain transaction system. The constructed transaction system satisfies the requirements of user identity privacy protection and resistance to quantum attacks. The three main contributions are as follows:
(1) We propose a new lattice-based blind ring signature algorithm using rejection sampling. Sampling from the bimodal Gaussian distribution greatly improves the success rate. In addition, we prove correctness and security under the random oracle model, including anonymity, blindness, and one-more unforgeability.
(2) We construct a completely anonymous blockchain transaction system based on the proposed blind ring signature and describe the anonymous transaction process in detail. The system satisfies the goals of blockchain users’ identity privacy protection and antiquantum computing security.
(3) We evaluate the performance of the proposed signature algorithm against other similar schemes in the literature, including the sampling method, algorithm latency, and the sizes of the signature, secret key, and public key. The evaluation results indicate that our proposed scheme has lower latency and smaller key and signature sizes than other similar schemes.

The organization of this paper is as follows: we present some lattice theories and the blind ring signature’s definition and security model in Section 2. In Section 3, a new lattice-based blind ring signature is designed. In Section 4, we prove the security of our signature algorithm. We construct a completely anonymous blockchain transaction system based on the proposed blind ring signature in Section 5. The performance evaluation of signature algorithms is shown in Section 6. Finally, we provide a conclusion of the paper in Section 7.

2. Preliminaries

2.1. Some Related Theories of Lattice

Definition 1. (Lattice [28]). Given a matrix consisting of m-dimensional linearly independent vectors , …, , where , define the lattice generated by as the set . Given a prime number q, a matrix , and , define the following q-ary lattices.

Definition 2. (Discrete Gaussian Distribution [17]). Define as a discrete Gaussian distribution, where and .

Definition 3. (SIS problem). Given a random matrix and parameters m, n, q, , the problem is to find a nonzero integer vector , such that and .

Lemma 1. (see [17]). For any , , , it satisfies the following:

Lemma 2. (see [17]). For any , , , it satisfies the following: More specifically, if , , then with a probability of at least .

Lemma 3. (Rejection Sampling [17]). Select a random vector and a real number , given a subset , and define on V a probability distribution . Then, there exists a constant such that the outputs of the following two algorithms and have a negligible statistical distance of :
Algorithm : , , output with probability .
Algorithm : , , output with probability .
Moreover, the probability that the algorithm outputs something is at least .
More specifically, if for any , then . The two algorithms and have a negligible statistical distance of , and the probability that outputs something is at least .
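As an added illustration (not code from the paper) of the rejection sampling in Lemma 3 and of the bimodal Gaussian variant of Ducas et al. [18] that Algorithm 1 uses (a random bit and an output probability), the following Python script compares the acceptance rate of the unimodal rule of [17] with the bimodal rule. Assumptions: the repetition bounds M = exp(12/α + 1/(2α²)) for [17] and M = exp(1/(2α²)) for [18] with σ = α·‖v‖, a toy secret-dependent vector v of dimension 8, and a naive discrete Gaussian sampler used only for illustration.

```python
import math
import random


def discrete_gaussian(sigma, rng, tail=12.0):
    """Sample an integer from the centered discrete Gaussian D_sigma by
    rejection from the uniform distribution on [-tail*sigma, tail*sigma].
    Naive and slow; fine for an illustration, not for a real signer."""
    bound = int(math.ceil(tail * sigma))
    while True:
        x = rng.randint(-bound, bound)
        if rng.random() < math.exp(-x * x / (2.0 * sigma * sigma)):
            return x


def unimodal_M(alpha):
    """Repetition bound M of [17] when sigma = alpha * ||v|| (assumed here)."""
    return math.exp(12.0 / alpha + 1.0 / (2.0 * alpha * alpha))


def bimodal_M(alpha):
    """Repetition bound M of [18] (bimodal Gaussian) when sigma = alpha * ||v||."""
    return math.exp(1.0 / (2.0 * alpha * alpha))


def unimodal_accept_prob(z, v, sigma, M):
    """Lemma 3 as used in [17]: z = y + v with y <- D_sigma^m; output z with
    probability min(1, D_sigma(z) / (M * D_{v,sigma}(z))), where
    D_sigma(z) / D_{v,sigma}(z) = exp((||v||^2 - 2<z,v>) / (2 sigma^2))."""
    norm_v2 = sum(x * x for x in v)
    dot = sum(a * b for a, b in zip(z, v))
    ratio = math.exp((norm_v2 - 2.0 * dot) / (2.0 * sigma * sigma))
    return min(1.0, ratio / M)


def bimodal_accept_prob(z, v, sigma, M):
    """Bimodal rule of [18]: z = y + (-1)^b v for a random bit b. The source
    density is the mixture (D_{v,sigma}(z) + D_{-v,sigma}(z)) / 2
    = D_sigma(z) * exp(-||v||^2 / (2 sigma^2)) * cosh(<z,v> / sigma^2),
    so z is output with probability
    1 / (M * exp(-||v||^2 / (2 sigma^2)) * cosh(<z,v> / sigma^2))."""
    norm_v2 = sum(x * x for x in v)
    dot = sum(a * b for a, b in zip(z, v))
    denom = (M * math.exp(-norm_v2 / (2.0 * sigma * sigma))
             * math.cosh(dot / (sigma * sigma)))
    return min(1.0, 1.0 / denom)


def sample_with_rejection(v, sigma, M, bimodal, rng, max_tries=100000):
    """Repeat 'y <- D_sigma^m, z = y (+/-) v, output z with the rejection
    probability' until a z is output. Returns (z, number of attempts).
    The output z follows D_sigma^m and is independent of the secret v,
    which is what the anonymity and blindness arguments rely on."""
    for tries in range(1, max_tries + 1):
        y = [discrete_gaussian(sigma, rng) for _ in v]
        if bimodal:
            sign = 1 if rng.random() < 0.5 else -1   # the random bit b
            z = [yi + sign * vi for yi, vi in zip(y, v)]
            p = bimodal_accept_prob(z, v, sigma, M)
        else:
            z = [yi + vi for yi, vi in zip(y, v)]
            p = unimodal_accept_prob(z, v, sigma, M)
        if rng.random() < p:
            return z, tries
    raise RuntimeError("rejection sampling did not terminate")


def acceptance_rate(v, alpha, bimodal, trials=200, seed=1):
    """Empirical probability that a single attempt outputs something;
    Lemma 3 says it is at least about 1/M."""
    rng = random.Random(seed)
    sigma = alpha * math.sqrt(sum(x * x for x in v))
    M = bimodal_M(alpha) if bimodal else unimodal_M(alpha)
    total = sum(sample_with_rejection(v, sigma, M, bimodal, rng)[1]
                for _ in range(trials))
    return trials / total


if __name__ == "__main__":
    # Constructed toy vector v (plays the role of the secret-dependent term).
    v = [1, -1, 2, 0, 1, -2, 1, 1]
    for label, bimodal in (("unimodal [17]", False), ("bimodal [18]", True)):
        M = bimodal_M(12) if bimodal else unimodal_M(12)
        print(f"{label}: M = {M:.3f}, 1/M = {1 / M:.3f}, "
              f"empirical acceptance = {acceptance_rate(v, 12, bimodal):.3f}")
```

With α = 12 the unimodal rule needs roughly 2.7 attempts per output while the bimodal rule needs about one, which is the sampling success rate improvement the paper attributes to [18].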

2.2. Blind Ring Signature Model
2.2.1. System Model

The blind ring signature system model is composed of four parts called setup, key generation, signature, and verification [25]. The detailed steps are as follows:
Setup: input a security parameter n and output public parameters PP.
Key generation: generate a public key pk and a secret key sk for each member of the ring according to the input set of public parameters PP.
Signature: the user ϒ submits a message m and blinds it to before sending the message to the signer. Then, the ring R chooses a signer Σj, who holds the secret key skj. The signer Σj signs the message and generates a blinded signature . The user ϒ unblinds and gets the real signature .
Verification: output 1 or 0 according to the public parameters PP, message m, signature , and ring public keys . An output of 1 means that the verification has passed, and 0 indicates otherwise.

2.2.2. Security Model

The security model of the blind ring signature includes anonymity, blindness, and one-more unforgeability.

Anonymity: the anonymity property ensures that the user cannot know which member of the ring was the real signer participating in the blind ring signature protocol. For any polynomial-time adversary, the blind ring signature scheme satisfies anonymity under full key exposure if the adversary's advantage in winning the following game with the challenger is negligible.
(1) Setup: let n be the system security parameter. The challenger calls the setup algorithm of the blind ring signature scheme to generate the set of common parameters PP. Then, according to PP, the challenger calls the key generation algorithm to generate a set of public and secret keys (PK, SK) for the ring . The challenger sends the common parameters PP and the public keys PK to the adversary .
(2) Query: the adversary submits a message m, a ring R, an index I, and the corresponding public key pki to the challenger . The challenger looks up the corresponding secret key ski according to the index I and then calls the signature algorithm to generate a blinded signature on m for the adversary .
(3) Challenge: the adversary submits a message m, a ring R, and two public keys to the challenger for a signature query, where . The challenger chooses a random bit . Then, it uses the secret key and calls the signature algorithm to generate a blinded signature on m and returns to the adversary .
(4) Guess: the adversary outputs a bit as a guess of the random bit b. It wins the game if .
The advantage of the adversary in the above game is defined as follows:

Blindness: this is a basic attribute of the blind ring signature, i.e., no member of the ring can learn any information about the message to be signed. In other words, the attacker cannot distinguish which message's original signature a given blind ring signature comes from. For any polynomial-time adversary , the blind ring signature scheme satisfies statistical blindness if the adversary's advantage in winning the following game with the challenger is negligible.
(1) Setup: let n be the system security parameter. The challenger calls the setup algorithm of the blind ring signature scheme to generate the set of common parameters PP. Then, according to PP, the challenger calls the key generation algorithm to generate a set of public and secret keys (PK, SK) for the ring . The challenger sends the common parameters PP and the public keys PK to the adversary .
(2) Challenge: the adversary α chooses two different blinded messages and , a subring , and its corresponding public keys PK and sends them to the challenger . The challenger chooses a random bit and then sets up a blind ring signature protocol taking and the ring as input. The adversary chooses a signer Σj in the ring to sign the hidden blinded message . Finally, the adversary obtains the unblinded signature ; otherwise, the game restarts.
(3) Guess: the adversary outputs a bit as a guess of the random bit b. It wins the game if .
The advantage of the adversary in the above game is defined as follows:

One-more unforgeability: the one-more unforgeability property ensures that the attacker cannot successfully forge a new valid signature through multiple signature queries. For any polynomial-time adversary , the blind ring signature scheme satisfies one-more unforgeability if the adversary's probability of winning the following game with the challenger is negligible.
(1) Setup: let n be the system security parameter. The challenger calls the setup algorithm of the blind ring signature scheme to generate the set of common parameters PP. Then, according to PP, the challenger calls the key generation algorithm to generate a set of public and secret keys (PK, SK) for the ring . The challenger sends the common parameters PP and the public keys PK to the adversary . The secret keys SK are not disclosed.
(2) Query: the adversary submits a message m, a ring R, and its corresponding public keys PK. Then, it adaptively makes multiple hash queries and blind ring signature queries to the challenger . The challenger must return the hash value and the signature value of the corresponding message m to the adversary .
(3) Forge: the adversary uses the results of the multiple queries to forge of the target message . One-more unforgeability requires that the pair has never passed the signature verification algorithm.

3. Proposed Blind Ring Signature Algorithm

Our proposed blind ring signature algorithm includes five parts: key generation, message blinded, signature, unblind, and verification.

Key generation. Assume n is a system security parameter. We generate the common parameter PP, which has been selected by the same methodology of Li’s scheme [22]. The independent public and secret key pairs for each signer of the ring are generated using the method described in Ducas’s scheme [18], where , , and satisfying .

Message blinded: the signer of the ring R first computes a commitment for the user ϒ. Then, the user ϒ hides the original message m by running the message blinded algorithm, which outputs the blinded message. The details are shown in Algorithm 1.

Input: system public parameters PP, original message m, public keys of the ring R.
Output: blinded message .
Step 1: choose a set of random vectors from the bimodal Gaussian distribution .
Step 2: compute the commitment .
Step 3: choose a set of blind factors from the bimodal Gaussian distribution .
Step 4: compute .
Step 5: compute .
Step 6: choose a random bit .
Step 7: compute .
Step 8: output the blinded message with probability .

Signature: the ring R chooses a signer Σj. Σj calls the signature algorithm after receiving the blinded message and then outputs the blinded signature Σ′. The detail is shown in algorithm 2.

Input: system public parameters PP, blinded message , the secret key of the signer Σj.
Output: blinded signature .
Step 1: for all : compute ; for : compute .
Step 2: output with probability .
Step 3: output the blinded signature .

Unblind: the user ϒ runs the unblind algorithm after receiving the blinded signature and then outputs the real blind ring signature Σ. The detail is shown in algorithm 3.

Input: system public parameters PP, blinded signature .
Output: blind ring signature .
Step 1: for all : compute .
Step 2: output with probability .
Step 3: output the real blind ring signature .

Verification: the verifier runs the verification algorithm after receiving the original message m and the blind ring signature . He outputs 1 if the verification passes and 0 otherwise. The details are shown in Algorithm 4.

Input: system public parameters PP, original message m, public keys of the ring R, blind ring signature .
Output: 1 or 0.
Step 1: verify that for all .
Step 2: verify that .
Step 3: output 1 if the verification in steps 1 and 2 passed and 0 otherwise.

4. Correctness and Security Proof

4.1. Correctness

For the generated blind ring signature , are sampled from the distribution , and according to Lemma 1, is established with an overwhelming probability for all . Therefore, the correctness is to prove . The proof of the equation is as follows:

4.2. Security Proof
4.2.1. Anonymity

The adversary submits a message m and two users to the challenger for a signature query. The challenger randomly chooses a bit and calls the message blinded algorithm and signature algorithm to generate a blinded signature on m, where , output probability , and for all . Then, the challenger returns to the adversary . Let two random variables and represent the blinded signatures generated by the user and .

Suppose that the adversary obtains the blinded signature by sampling each from with probability , let the random variable represent the blinded signature generated by this way. The statistical distance [28] between and satisfies , and the statistical distance between and satisfies . Therefore, we have the following:

The statistical distance between and is negligible. Therefore, the distribution of blinded signatures and is indistinguishable. The proposed scheme satisfies anonymity.

4.2.2. Blindness

The adversary submits two different blinded messages, and , and interacts with two different users and . The adversary and the challenger only choose one of the two users for establishing an interactive blind ring signature protocol. It should be noted that the adversary does not know the user’s information who is interacting with him, i.e., we can only prove that the outputs, i.e., the two blind messages and , are indistinguishable, and the corresponding blind ring signature and are also indistinguishable, where and .

For two blinded messages, and , because of the construction and the output probability , we can get that and are sampled from the same distribution . Therefore, the statistical distance between and satisfies and they are indistinguishable. For two blind ring signatures and , because for all and the output probability , we can get and are sampled from the same distribution . Therefore, the statistical distance between and satisfies , and they are indistinguishable. The proposed scheme satisfies blindness.

4.2.3. One-More Unforgeability

Theorem 1. If an adversary α can successfully produce a valid forgery, then there exists a polynomial-time algorithm Φ that can solve the problem with non-negligible probability.

Proof. We prove the one-more unforgeability of the scheme by a simulation game between the challenger and the adversary . The simulation game controlled by the challenger is executed as follows:
Setup: the challenger builds two initially empty lists, List 1 and List 2, to store the hash values and signature values of messages m. Then, the adversary makes hash queries and signature queries to the challenger.
Hash queries: the adversary sends a hash query for a message m to the challenger . The challenger checks List 1, which consists of pairs . If the queried message m is in List 1, the challenger sends the corresponding to the adversary. If not, the challenger computes a new , stores in List 1, and sends it to the adversary.
Signature queries: the adversary sends a signature query for a message m to the challenger. The challenger checks List 2, which consists of pairs . If the queried message m is in List 2, the challenger sends the corresponding signature value to the adversary . If not, the challenger generates a new signature, stores the new pair in List 2, and sends it to the adversary .
Forge: suppose is the result of a hash query made by the adversary . Then, we obtain the following:
For two different blind ring signature pairs and , we can find a hash collision if the inputs of the hash function H on the two sides of equation (10) differ. Therefore, we can derive that with overwhelming probability. Further simplification gives . Let , and we have the following:
Let and . Then, we have .
As the forgery of the adversary is valid, there exists at least one index i such that and with overwhelming probability, i.e., we obtain with high probability. Hence, we can solve the SIS problem. The detailed proof is as follows:
Suppose that is the result of a hash query made by the adversary , and we obtain a new valid forgery for the message and ring . We have and with non-negligible probability according to the Forking lemma [29]. Let and . We have . Because and , we can derive and . In addition, as for all , according to Algorithm 4, we have . Then, it satisfies . Therefore, is a solution to the problem with , where and . The proposed scheme satisfies one-more unforgeability.

5. The Completely Anonymous Blockchain Transaction System

In this section, we construct a completely anonymous blockchain transaction system based on the proposed lattice-based blind ring signature algorithm. Assume a blockchain transaction is required between Alice and Bob, and that Alice makes a transfer to Bob. The transaction between Alice and Bob is recorded in a ledger and packaged into the blockchain. The overall schematic diagram of the anonymous blockchain transaction system is shown in Figure 1. The detailed process consists of the following five steps:
Key generation: firstly, Alice constructs a ring R composed of multiple members and calls the key generation algorithm, obtaining the public and secret key pair of the ring R, where is the set of ring public keys.
Transaction generation: Bob initiates a transaction request with Alice and generates a piece of transaction information m. Bob and Alice run the blind ring signature algorithm of Section 3. Bob selects the blind factor and utilizes the ring public keys of Alice to blind the transaction information m to . Alice uses the secret key to generate a signature for the blinded transaction information . Bob obtains the real blind ring signature of the transaction information m using the unblind algorithm. Finally, Bob generates a new transaction from the ring public keys and the blind ring signature of the transaction information m.
Transaction authentication: Bob broadcasts the transaction to the blockchain network, and the miner nodes use the ring public keys of Alice to verify whether the blind ring signature is correct. If the verification passes, the transaction is correct and is encapsulated in a new block. Otherwise, the transaction is discarded.
Network-wide consensus: the miners communicate through the consensus mechanism and agree to add the new block containing the transaction to the blockchain. Meanwhile, the miners who create the new block are rewarded by the system.
Transaction completion: after the blockchain miners have successfully reached network-wide consensus on the transaction, Bob can spend the transfer received from Alice.

The proposed transaction system has the characteristic of complete anonymity: it hides the identity privacy information of both parties participating in a blockchain transaction. For internal attackers involved in the transaction, the blind signature feature applies: as the transaction initiator blinds the transaction information, the internal attacker cannot associate any veritable identity of the initiator with the transaction information. Therefore, for the input of each transaction, the internal attacker cannot trace whether it was initiated by the same user. For external attackers not involved in the transaction, the ring signature feature applies: as the signature of the transaction is verified with the ring public keys rather than a unique public key, it is impossible to determine the specific public key associated with the real signer. Therefore, for the outputs of any two transactions, the external attacker cannot link them to the same transaction user. Moreover, the signature algorithm adopted in this system is based on the SIS problem, which cannot be efficiently solved by existing quantum computing algorithms. Therefore, the system satisfies antiquantum computing security.

6. Performance Evaluation

In this section, we evaluate the performance of the proposed signature algorithm by comparing it with other similar schemes in the literature, including signature and verification algorithm latency, sampling method, and the sizes of the signature, secret key, and public key. Firstly, we give the parameter settings, and then the comparison results are presented through theoretical analysis and simulation experiments.

6.1. Parameters Setting

The relevant public parameters of our scheme are set as shown in Table 1, which are the same as in [17]. We select the security level of bits and the corresponding challenge size as an example. Meanwhile, the computational hardness of the SIS problem is maintained by reasonably selecting the parameters n, m, q, which guarantees the security of the public key and secret key. Moreover, the correctness error of rejection sampling is at most , which requires that and . Then, and are derived by the same method.

6.2. Comparison with Other Similar Schemes

We carry out the simulation experiment for the efficiency comparison in MATLAB R2021b on Windows 11 with an Intel(R) Core(TM) i7-10510U CPU at 1.80 GHz and 16 GB RAM. Assuming that the same parameters , set according to Table 1, are used in each of these schemes, the detailed key and signature size comparison results are shown in Table 2. We choose the parameters , , and for the simulation experiment. Then, we compute the public key size, secret key size, and signature size for different security parameters , namely 80, 112, 128, 192, 256, and 512. The comparison results for the public key size, secret key size, and signature size are shown in Figures 2–4, respectively. The experimental results show that the signature, secret key, and public key sizes of our proposed scheme are all smaller than those of the others [25, 30]. Moreover, we generate the public and secret keys without trapdoor sampling, which improves sampling efficiency and reduces running time.

Next, the results of the signature and verification algorithm latency comparison are shown in Table 3. The signature algorithm latency of the blind ring signature scheme includes message blinded, signature, and unblind algorithm latency. Here, some notations, such as , , , and , should be explained. The latency for multiplication is represented by . The latency for the Hash operation is represented by . The latency for rejection sampling operation is represented by . The latency for commitment function calculation is represented by . As can be seen from Table 3, our proposed blind ring signature scheme has lower signature and verification algorithm latency than the other similar scheme [25].

7. Conclusion

In this paper, we propose a new lattice-based blind ring signature scheme, which satisfies correctness and security under the random oracle model, including anonymity, blindness, and one-more unforgeability. Meanwhile, the blockchain transaction system constructed on our proposed blind ring signature satisfies complete anonymity and antiquantum computing security of users’ identity privacy. Moreover, the proposed signature scheme has lower latency and smaller key and signature sizes than other similar schemes.

However, our proposed scheme has some limitations. On the one hand, the proposed blind ring signature scheme relies on a hard problem on standard lattices, which brings some disadvantages compared with structured lattices such as ideal lattices, namely the large storage space of the key matrix, low operation speed, and slow sampling rate. On the other hand, our constructed blockchain transaction system focuses on the implementation of user identity anonymity while ignoring the problem of double-spending attacks. In the future, we will firstly study a linkable blind ring signature algorithm based on ideal lattices to address the limitations of the current work. Secondly, we will introduce the proposed blind ring signature algorithm into more specific blockchain application scenarios, such as medical blockchain and blockchain-enabled Internet of Things. Finally, we will study more cryptographic methods for blockchain data privacy protection, such as searchable encryption [32, 33], to improve blockchain privacy protection mechanisms.

Data Availability

The data and the code used to support the findings of this study are available from the corresponding author upon request.

Conflicts of Interest

The authors declare that they have no conflicts of interest to report regarding the present study.

Acknowledgments

This work was supported by the Fundamental Research Funds for Beijing Municipal Commission of Education, the Scientific Research Launch Funds of North China University of Technology, and Beijing Urban Governance Research Base of North China University of Technology.