2019-03-10 21:28:49 +00:00
---
2021-10-05 09:26:00 +00:00
summary: 'a group of cryptographic signatures with at least one real participant, but no way to tell which in the group is the real one as they all appear valid'
2019-03-10 21:28:49 +00:00
terms: ["ring-signature", "ring-signatures"]
---
2020-08-16 17:11:02 +00:00
{% include disclaimer.html translated="no" translationOutdated="no" %}
2021-10-05 09:26:00 +00:00
2019-03-10 21:28:49 +00:00
### The Basics
2021-10-05 09:26:00 +00:00
In cryptography, a ring signature is a type of digital signature that can be
performed by any member of a group of users that each have keys. Therefore,
a message signed with a ring signature is endorsed by someone in a
particular group of people. One of the security properties of a ring
signature is that it should be computationally infeasible to determine
*which* of the group members' keys was used to produce the signature.
2019-03-10 21:28:49 +00:00
2021-10-05 09:26:00 +00:00
For instance, a ring signature could be used to provide an anonymous
signature from "a high-ranking White House official", without revealing
which official signed the message. Ring signatures are right for this
application because the anonymity of a ring signature cannot be revoked, and
because the group for a ring signature can be improvised (requires no prior
setup).
2019-03-10 21:28:49 +00:00
### Application to Monero
2021-10-05 09:26:00 +00:00
A ring signature makes use of your @account keys and a number of public keys
(also known as outputs) pulled from the @blockchain using a triangular
distribution method. Over the course of time, past outputs could be used
multiple times to form possible signer participants. In a "ring" of possible
signers, all ring members are equal and valid. There is no way an outside
observer can tell which of the possible signers in a signature group belongs
to your @account . So, ring signatures ensure that transaction outputs are
untraceable. Moreover, there are no @fungibility issues with Monero given
that every transaction output has plausible deniability (e.g. the network
can not tell which outputs are spent or unspent).
2019-03-10 21:28:49 +00:00
2021-10-05 09:26:00 +00:00
To read how Monero gives you privacy by default (unlinkability), see
@stealth -addresses.