From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 11 Jul 2024 03:39:09 -0700 Received: from mail-yb1-f187.google.com ([209.85.219.187]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sRrCf-00052v-75 for bitcoindev@gnusha.org; Thu, 11 Jul 2024 03:39:09 -0700 Received: by mail-yb1-f187.google.com with SMTP id 3f1490d57ef6-e032d4cf26asf1306527276.3 for ; Thu, 11 Jul 2024 03:39:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1720694342; x=1721299142; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:x-original-sender :mime-version:subject:message-id:to:from:date:from:to:cc:subject :date:message-id:reply-to; bh=T+RHw8te0HUKIIOb1pf49UzHouwRvZxwk8yqMxSt7CU=; b=Ap24MgaD/VPrRJpfGkjXz+gqolJX0w2syhQ4+4IDgBUVbvuhUeY1ZZ8kJK6X57XJwT KRLySZ2bE2smVH6Jqp8Z1eKzhZub+DoDfzkMaoDL/KWlpt0vj7Tt11j5x8yHWQ86RuxA IsqsLvk3V/l6F9joFqXk8Gw9A1xN91BmhwTsyCCDvTh0gNzbqpq7xAt3EVlLb/iTvL5l +4hvCWqkQZ5+XHb/zB6zwnyuAO9Nx+ZTduF1Me2P0J+YFdktLYurbcWenZYC7W2gV3H4 cgkOygayhjh0CtCDSCGCrxfS0VFlF8Lj/C7rfmBNhwJ7JiOo4OQPHjldDrxXSYldbFuj 5dNw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720694342; x=1721299142; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:x-original-sender :mime-version:subject:message-id:to:from:date:x-beenthere :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=T+RHw8te0HUKIIOb1pf49UzHouwRvZxwk8yqMxSt7CU=; b=Ziu1m4CWADl0hw08tyP5ZLOrxPQJyH0qB4w7CF+Hq4Be3g/nunjkzpxRA5ALHSqT3Y rISCxs4Zs6nmUY0DPVmrNTVFHjB7EkKf/ODjsn6IQxeApSOxxN9nAQwkyv4UojHt6nww kbWsqpFuCdv5BIfAL3c3lx6zkssneGYrecyT6Uwi6LDevVfHvrq57LyfDPUFpBZKMJgZ zaVHMrXYf3ShBVcv2qcLxYz+BqoRizxJG2bVNJlln4PPup2b+YFNYeWZn+tsLX6kX+XM w1K8YMCy/VcPPEHdUL7tgLSwlFBqHqLp9I/XIUgGaMRFDD9Qd4dXQ3CN+k/xtRwZ2NXr 5kpA== X-Forwarded-Encrypted: i=1; AJvYcCW3tT5mYvqLESWTRp8oYo3rw5ucmTDlE/GR3yUe6Vxump6JTecYosViYwmch1ZMqRpiUm4IAljzFvchpJNdbJqyuYMz8B0= X-Gm-Message-State: AOJu0YxStM2Lmerrpz7xSSR058iYyV7dtotnBNJQvsZD8oVHi5JbfsmR b4pcijj+H2PGaIm33hZztxfWEEAVqC9plSryKnHZjpDPiF4lom33 X-Google-Smtp-Source: AGHT+IH3JstOFGtbEmu5SHES7w9pJnb3rLccyiezQ7UkKdEeL5E1e8z0idnc9DLyo0BJ6r/mEaSaRA== X-Received: by 2002:a25:ab2c:0:b0:e03:4d25:3182 with SMTP id 3f1490d57ef6-e041b03a036mr9540775276.6.1720694342081; Thu, 11 Jul 2024 03:39:02 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6902:18c3:b0:e03:514d:f716 with SMTP id 3f1490d57ef6-e057904fdd9ls1243071276.2.-pod-prod-07-us; Thu, 11 Jul 2024 03:39:00 -0700 (PDT) X-Received: by 2002:a05:6902:1b12:b0:e03:b3e8:f9a1 with SMTP id 3f1490d57ef6-e041b02fabamr557148276.2.1720694340455; Thu, 11 Jul 2024 03:39:00 -0700 (PDT) Received: by 2002:a81:8546:0:b0:64b:8595:7a39 with SMTP id 00721157ae682-65bbb1ba283ms7b3; Thu, 11 Jul 2024 00:11:09 -0700 (PDT) X-Received: by 2002:a05:690c:628a:b0:64b:2608:a6b9 with SMTP id 00721157ae682-65ca20118ccmr532687b3.3.1720681868668; Thu, 11 Jul 2024 00:11:08 -0700 (PDT) Date: Thu, 11 Jul 2024 00:11:08 -0700 (PDT) From: "'Ed Hughes' via Bitcoin Development Mailing List" To: Bitcoin Development Mailing List Message-Id: <672a69c1-aea9-4395-96cf-9a702bb94b82n@googlegroups.com> Subject: [bitcoindev] A new logarithmic-size signature scheme LS-LSAG MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_83246_1008413778.1720681868342" X-Original-Sender: edsgerhughes@protonmail.com X-Original-From: Ed Hughes Reply-To: Ed Hughes Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) ------=_Part_83246_1008413778.1720681868342 Content-Type: multipart/alternative; boundary="----=_Part_83247_490786043.1720681868342" ------=_Part_83247_490786043.1720681868342 Content-Type: text/plain; charset="UTF-8" Hello all, I'd like to propose an idea of a simple logarithmic-size ring signature scheme which can be used in the blockchain and related applications. The signature is called LS-LSAG, a draft of it is available at https://eprint.iacr.org/2024/921 In making this announcement I'd like to ask the community to comment on the idea if anyone is interested. LS-LSAG has such a design so that it can drop-in replace the well-known linear-size LSAG/CLSAG signature. Also, it looks compatible with the full-chain Curve Trees, which in turn can drop-in replace both LS-LSAG and LSAG/CLSAG at the price of using one more curve with specific properties. In more detail, LS-LSAG is built up of almost the same systems of equations as LSAG/CLSAG. However, it makes a call to the inner-product argument instead of doing the sequential challenges. This results in the size reduction from linear to logarithmic and in the compatibility with LSAG/CLSAG. Particularly, LS-LSAG and LSAG has the same key image. Formally, LS-LSAG is a log-size linkable ring signature without trusted setup in a pairings-free prime-order group of EC points under the DL assumption. Unforgeability of LS-LSAG follows from the DL and collision-resistance of the standard hash-to-curve function, the draft contains a detailed proof sketch of this. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/672a69c1-aea9-4395-96cf-9a702bb94b82n%40googlegroups.com. ------=_Part_83247_490786043.1720681868342 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hello all,

I'd like to propose an idea of a simple logarithmic-s= ize ring signature scheme=C2=A0
which can be used in the blockchain and= related applications. The signature is=C2=A0
called LS-LSAG, a d= raft of it is available at https://eprint.iacr.org/2024/921=C2=A0
=
In making this announcement I'd like to ask the community = to comment on=C2=A0
the idea if anyone is interested.
<= br />LS-LSAG has such a design so that it can drop-in replace the well-know= n linear-size
LSAG/CLSAG signature. Also, it looks compatible wit= h the full-chain Curve Trees,=C2=A0
which in turn can drop-in rep= lace both LS-LSAG and LSAG/CLSAG at the price of
using one more c= urve with specific properties.

In more detail, LS-LSAG is b= uilt up of almost the same systems of equations as
LSAG/CLSAG. Ho= wever, it makes a call to the inner-product argument instead of=C2=A0
=
doing the sequential challenges. This results in the size reduction fr= om linear to logarithmic and in the compatibility with LSAG/CLSAG. Particul= arly, LS-LSAG and=C2=A0
LSAG has the same key image.

F= ormally, LS-LSAG is a log-size linkable ring signature without trusted setu= p in a=C2=A0
pairings-free prime-order group of EC points under t= he DL assumption.=C2=A0
Unforgeability of LS-LSAG follows from th= e DL and collision-resistance of the=C2=A0
standard hash-to-curve= function, the draft contains a detailed proof sketch of this.

<= br />

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg= id/bitcoindev/672a69c1-aea9-4395-96cf-9a702bb94b82n%40googlegroups.com.=
------=_Part_83247_490786043.1720681868342-- ------=_Part_83246_1008413778.1720681868342--