public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: "'Ed Hughes' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: [bitcoindev] A new logarithmic-size signature scheme LS-LSAG
Date: Thu, 11 Jul 2024 00:11:08 -0700 (PDT)	[thread overview]
Message-ID: <672a69c1-aea9-4395-96cf-9a702bb94b82n@googlegroups.com> (raw)


[-- Attachment #1.1: Type: text/plain, Size: 1727 bytes --]

Hello all,

I'd like to propose an idea of a simple logarithmic-size ring signature 
scheme 
which can be used in the blockchain and related applications. The signature 
is 
called LS-LSAG, a draft of it is available at 
https://eprint.iacr.org/2024/921 

In making this announcement I'd like to ask the community to comment on 
the idea if anyone is interested.

LS-LSAG has such a design so that it can drop-in replace the well-known 
linear-size
LSAG/CLSAG signature. Also, it looks compatible with the full-chain Curve 
Trees, 
which in turn can drop-in replace both LS-LSAG and LSAG/CLSAG at the price 
of
using one more curve with specific properties.

In more detail, LS-LSAG is built up of almost the same systems of equations 
as
LSAG/CLSAG. However, it makes a call to the inner-product argument instead 
of 
doing the sequential challenges. This results in the size reduction from 
linear to logarithmic and in the compatibility with LSAG/CLSAG. 
Particularly, LS-LSAG and 
LSAG has the same key image.

Formally, LS-LSAG is a log-size linkable ring signature without trusted 
setup in a 
pairings-free prime-order group of EC points under the DL assumption. 
Unforgeability of LS-LSAG follows from the DL and collision-resistance of 
the 
standard hash-to-curve function, the draft contains a detailed proof sketch 
of this.


-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/672a69c1-aea9-4395-96cf-9a702bb94b82n%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 2211 bytes --]

                 reply	other threads:[~2024-07-11 10:39 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=672a69c1-aea9-4395-96cf-9a702bb94b82n@googlegroups.com \
    --to=bitcoindev@googlegroups.com \
    --cc=edsgerhughes@protonmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox