* Anonymous Identification in Ad Hoc Groups
- States they can accomplish constant sized signatures. This is not the case however, as they either need to send the group S as a part of the signature or assume that the group S is somewhat static and can thus be assumed to be known. This seems like quite the stretch and I do not consider their signatures to be constant sized as such.
- If this assumption holds, extending it to a threshold scheme is intuitive.
* Short Linkable Ring Signatures Revisited
- These guys use a CA (certificate or central authority?), as part of their key-gen algorithm. This is not a nice feature for complete ad-hoc schemes.
- Question, are we okay with having a central authority? This CA is only used within keygen to create a certificate, it is not used when signing.
* Short Linkable Ring Signatures for E-voting,E-cash and Attestation
- Also requires a CA..
* The others mentioned in RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero
- Are not public key based, but instead identity based and as such likely requires a PKG as well.
* Constant Size Ring Signature Without Random Oracle
- Uses something called Groth-Sahai commitments whick work in the CRS model..
  + I don't know if you can perhaps make this not be in the CRS model
- Extending this to a constant-sized blind ring signature is an open problem.
  + What is a blind ring?