From: "'Ed Hughes' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] A new logarithmic-size signature scheme LS-LSAG
Date: Thu, 11 Jul 2024 00:11:08 -0700 (PDT) [thread overview]
Message-ID: <672a69c1-aea9-4395-96cf-9a702bb94b82n@googlegroups.com> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 1727 bytes --]
Hello all,
I'd like to propose an idea of a simple logarithmic-size ring signature
scheme
which can be used in the blockchain and related applications. The signature
is
called LS-LSAG, a draft of it is available at
https://eprint.iacr.org/2024/921
In making this announcement I'd like to ask the community to comment on
the idea if anyone is interested.
LS-LSAG has such a design so that it can drop-in replace the well-known
linear-size
LSAG/CLSAG signature. Also, it looks compatible with the full-chain Curve
Trees,
which in turn can drop-in replace both LS-LSAG and LSAG/CLSAG at the price
of
using one more curve with specific properties.
In more detail, LS-LSAG is built up of almost the same systems of equations
as
LSAG/CLSAG. However, it makes a call to the inner-product argument instead
of
doing the sequential challenges. This results in the size reduction from
linear to logarithmic and in the compatibility with LSAG/CLSAG.
Particularly, LS-LSAG and
LSAG has the same key image.
Formally, LS-LSAG is a log-size linkable ring signature without trusted
setup in a
pairings-free prime-order group of EC points under the DL assumption.
Unforgeability of LS-LSAG follows from the DL and collision-resistance of
the
standard hash-to-curve function, the draft contains a detailed proof sketch
of this.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/672a69c1-aea9-4395-96cf-9a702bb94b82n%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 2211 bytes --]
reply other threads:[~2024-07-11 10:39 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=672a69c1-aea9-4395-96cf-9a702bb94b82n@googlegroups.com \
--to=bitcoindev@googlegroups.com \
--cc=edsgerhughes@protonmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox