1.4 KiB
1.4 KiB
- Anonymous Identification in Ad Hoc Groups
- Short Linkable Ring Signatures Revisited
- Short Linkable Ring Signatures for E-voting,E-cash and Attestation
- The others mentioned in RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero
- Constant Size Ring Signature Without Random Oracle
Anonymous Identification in Ad Hoc Groups
- States they can accomplish constant sized signatures. This is not the case however, as they either need to send the group S as a part of the signature or assume that the group S is somewhat static and can thus be assumed to be known. This seems like quite the stretch and I do not consider their signatures to be constant sized as such.
- If this assumption holds, extending it to a threshold scheme is intuitive.
Short Linkable Ring Signatures Revisited
- These guys use a CA (certificate or central authority?), as part of their key-gen algorithm. This is not a nice feature for complete ad-hoc schemes.
- Question, are we okay with having a central authority? This CA is only used within keygen to create a certificate, it is not used when signing.
Short Linkable Ring Signatures for E-voting,E-cash and Attestation
- Also requires a CA..
The others mentioned in RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero
- Are not public key based, but instead identity based and as such likely requires a PKG as well.
Constant Size Ring Signature Without Random Oracle
-
Uses something called Groth-Sahai commitments whick work in the CRS model..
- I don't know if you can perhaps make this not be in the CRS model
-
Extending this to a constant-sized blind ring signature is an open problem.
- What is a blind ring?