12-22-2024
Breaking News
BSV
$53.36
Vol 30.47m
-1.29%
BTC
$95509
Vol 41304.47m
-1.92%
BCH
$444.53
Vol 339.82m
-1.85%
LTC
$100.46
Vol 809.39m
-0.23%
DOGE
$0.31
Vol 4739.32m
-4.6%
  1. Homepage
  2. >
  3. News
  4. >
  5. Tech
  6. >
  7. Ring signatures in Bitcoin: Run Monero on Bitcoin
Getting your Trinity Audio player ready...

This post was first published on Medium

We have implemented the first-ever Ring signature in Bitcoin.

Ring Signatures

Actual signer with a key concept
Anyone in the ring can sign and no one can tell who signed

ring signature is a type of digital signature that allows a message to be signed by a single member in a group, or a ring. It proves that someone in the ring indeed signs, but there is no way to identify the actual signer amongst the ring members.

Its increased privacy enables many applications, such as:

  • whistleblowing: a government whistleblower wants to leak that his agency is secretly collecting citizens’ private data, yet wants to remain anonymous due to the risk of being fired. By using a ring signature, he can demonstrate that he works for the agency and thus add credibility to the claim, while concealing his identity.
  • e-voting: a voter signs his vote on behalf of all the people eligible to vote. She proves she has registered and is eligible to vote, without disclosing her vote¹.
  • private membership authentication: a user proves to an application she is registered without disclosing who she is.

It has been used by many blockchains to preserve privacy, most notably in Monero.

Ring signatures in Bitcoin

There are multiple ways to implement ring signatures. We choose a scheme called Spontaneous Anonymous Group signatures², because it is based in elliptic curve and amenable for implementation in Bitcoin.

Signing

Given a message, a group/ring of public keys, and a private key, a signature is produced as follows:

Signature from a group/ring of public keys with a given message
Signing

Verifying

Given a signature, a message, and a ring of public keys, the following algorithm determines if the signature is created by a private key corresponding to a public key in the ring, in two steps:

algorithm from a message, and a ring of public keys with a given signature
Verifying

Implementation

We have implemented Ring signature verification, using elliptic curve library. Anyone who knows a private key of the group of public keys can sign and spend the coins locked in the contract. No one can tell which one signed, even the group members.

Contract RingSig

Line 21 to 31 iteratively update c, as in step 1. Line 34 checks step 2.

***

NOTES:

[1] A ring signature that is linkable, which allows identifying whether two signatures belong to the same signer, is needed to detect double-voting.

[2] Section 3.3 of Zero to Monero.

Watch: CoinGeek New York presentation, Smart Contracts & Computation on Bitcoin

Tagged:

Recommended for you

Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google unveils ‘Willow’; Bernstein downplays quantum threat to Bitcoin
Google claims that Willow can eliminate common errors associated with quantum computing, while Bernstein analysts noted that Willow’s 105 qubits...
By Wahid Pessarlay
December 18, 2024
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain adds support for 1Sat Ordinals with new API set
WhatsOnChain now supports the 1Sat Ordinals with a set of APIs in beta testing; with this new development, developers can...
By Jon Southurst
December 13, 2024
Advertisement
Advertisement
Advertisement