On the Security Models of (Threshold) Ring Signature Schemes

摘要

We make fine-grained distinctions on the security models for provably secure ring signature schemes. Currently there are two commonly used security models which are specified by Rivest et al. and Abe et al.. They offer different levels of security. In this paper, we introduce a new but compatible model whose security level can be considered to be lying in between these two commonly used models. It is important to make fine-grained distinctions on the security models because some schemes may be secure in some of the models but not in the others. In particular, we show that the bilinear map based ring signature scheme of Boneh et al., which have been proven secure in the weakest model (the one specified by Rivest et al.), is actually insecure in stronger models (the new model specified by us in this paper and the one specified by Abe et al.). We also propose a secure modification of their scheme for each of the two stronger models. In addition, we propose a threshold ring signature scheme using bilinear maps and show its security against adaptive adversaries in the strongest model defined in this paper. Throughout the paper, we carry out all of the security analyses under the random oracle assumption.