11-22-2024
BSV
$68.83
Vol 203.68m
-8.1%
BTC
$98939
Vol 117556.83m
2.01%
BCH
$496.95
Vol 2190.94m
1.74%
LTC
$91
Vol 1455.5m
5.54%
DOGE
$0.39
Vol 10228.23m
2.52%
Getting your Trinity Audio player ready...

This post was first published on Medium

We have implemented the first-ever Ring signature in Bitcoin.

Ring Signatures

Actual signer with a key concept
Anyone in the ring can sign and no one can tell who signed

ring signature is a type of digital signature that allows a message to be signed by a single member in a group, or a ring. It proves that someone in the ring indeed signs, but there is no way to identify the actual signer amongst the ring members.

Its increased privacy enables many applications, such as:

  • whistleblowing: a government whistleblower wants to leak that his agency is secretly collecting citizens’ private data, yet wants to remain anonymous due to the risk of being fired. By using a ring signature, he can demonstrate that he works for the agency and thus add credibility to the claim, while concealing his identity.
  • e-voting: a voter signs his vote on behalf of all the people eligible to vote. She proves she has registered and is eligible to vote, without disclosing her vote¹.
  • private membership authentication: a user proves to an application she is registered without disclosing who she is.

It has been used by many blockchains to preserve privacy, most notably in Monero.

Ring signatures in Bitcoin

There are multiple ways to implement ring signatures. We choose a scheme called Spontaneous Anonymous Group signatures², because it is based in elliptic curve and amenable for implementation in Bitcoin.

Signing

Given a message, a group/ring of public keys, and a private key, a signature is produced as follows:

Signature from a group/ring of public keys with a given message
Signing

Verifying

Given a signature, a message, and a ring of public keys, the following algorithm determines if the signature is created by a private key corresponding to a public key in the ring, in two steps:

algorithm from a message, and a ring of public keys with a given signature
Verifying

Implementation

We have implemented Ring signature verification, using elliptic curve library. Anyone who knows a private key of the group of public keys can sign and spend the coins locked in the contract. No one can tell which one signed, even the group members.

Contract RingSig

Line 21 to 31 iteratively update c, as in step 1. Line 34 checks step 2.

***

NOTES:

[1] A ring signature that is linkable, which allows identifying whether two signatures belong to the same signer, is needed to detect double-voting.

[2] Section 3.3 of Zero to Monero.

Watch: CoinGeek New York presentation, Smart Contracts & Computation on Bitcoin

Recommended for you

David Case gets technical with Bitcoin masterclass coding sessions
Whether you're a coding pro or a novice, David Case's livestream sessions on the X platform are not to be...
November 21, 2024
NY Supreme Court’s ruling saves BTC miner Greenidge from closing
However, the judge also ruled that Greenidge must reapply for the permit and that the Department of Environmental Conservation has...
November 20, 2024
Advertisement
Advertisement
Advertisement