mirror of
https://github.com/monero-project/monero-site.git
synced 2025-01-11 05:15:28 +00:00
Merge pull request #1609
MRL: add note to arcturus paper (was retracted)
commit
939b2f741f
2 changed files with 2 additions and 0 deletions
|
@ -738,6 +738,7 @@ research-lab:
|
||||||
iacr2020018: "Triptych: logarithmic-sized linkable ring signatures with applications"
|
iacr2020018: "Triptych: logarithmic-sized linkable ring signatures with applications"
|
||||||
iacr2020018_abstract: Ring signatures are a common construction used to provide signer ambiguity among a non-interactive set of public keys specified at the time of signing. Unlike early approaches where signature size is linear in the size of the signer anonymity set, current optimal solutions either require centralized trusted setups or produce signatures logarithmic in size. However, few also provide linkability, a property used to determine whether the signer of a message has signed any previous message, possibly with restrictions on the anonymity set choice. Here we introduce Triptych, a family of linkable ring signatures without trusted setup that is based on generalizations of zero-knowledge proofs of knowledge of commitment openings to zero. We demonstrate applications of Triptych in signer-ambiguous transaction protocols by extending the construction to openings of parallel commitments in independent anonymity sets. Signatures are logarithmic in the anonymity set size and, while verification complexity is linear, collections of proofs can be efficiently verified in batches. We show that for anonymity set sizes practical for use in distributed protocols, Triptych offers competitive performance with a straightforward construction.
|
iacr2020018_abstract: Ring signatures are a common construction used to provide signer ambiguity among a non-interactive set of public keys specified at the time of signing. Unlike early approaches where signature size is linear in the size of the signer anonymity set, current optimal solutions either require centralized trusted setups or produce signatures logarithmic in size. However, few also provide linkability, a property used to determine whether the signer of a message has signed any previous message, possibly with restrictions on the anonymity set choice. Here we introduce Triptych, a family of linkable ring signatures without trusted setup that is based on generalizations of zero-knowledge proofs of knowledge of commitment openings to zero. We demonstrate applications of Triptych in signer-ambiguous transaction protocols by extending the construction to openings of parallel commitments in independent anonymity sets. Signatures are logarithmic in the anonymity set size and, while verification complexity is linear, collections of proofs can be efficiently verified in batches. We show that for anonymity set sizes practical for use in distributed protocols, Triptych offers competitive performance with a straightforward construction.
|
||||||
iacr2020312: "Arcturus: efficient proofs for confidential transactions"
|
iacr2020312: "Arcturus: efficient proofs for confidential transactions"
|
||||||
|
iacr2020312_note: "NOTE: this paper has been retracted, but it's possible to view it clicking on 'All versions of this report'."
|
||||||
iacr2020312_abstract: Confidential transactions are used in distributed digital assets to demonstrate the balance of values hidden in commitments, while retaining signer ambiguity. Previous work describes a signer-ambiguous proof of knowledge of the opening of commitments to zero at the same index across multiple public commitment sets and the evaluation of a verifiable random function used as a linking tag, and uses this to build a linkable ring signature called Triptych that can be used as a building block for a confidential transaction model. In this work, we extend Triptych to build Arcturus, a proving system that proves knowledge of openings of multiple commitments to zero within a single set, correct construction of a verifiable random function evaluated at each opening, and value balance across a separate list of commitments within a single proof. While soundness depends on a novel dual discrete-logarithm hardness assumption, we use data from the Monero blockchain to show that Arcturus can be used in a confidential transaction model to provide faster total batch verification time than other state-of-the-art constructions without a trusted setup.
|
iacr2020312_abstract: Confidential transactions are used in distributed digital assets to demonstrate the balance of values hidden in commitments, while retaining signer ambiguity. Previous work describes a signer-ambiguous proof of knowledge of the opening of commitments to zero at the same index across multiple public commitment sets and the evaluation of a verifiable random function used as a linking tag, and uses this to build a linkable ring signature called Triptych that can be used as a building block for a confidential transaction model. In this work, we extend Triptych to build Arcturus, a proving system that proves knowledge of openings of multiple commitments to zero within a single set, correct construction of a verifiable random function evaluated at each opening, and value balance across a separate list of commitments within a single proof. While soundness depends on a novel dual discrete-logarithm hardness assumption, we use data from the Monero blockchain to show that Arcturus can be used in a confidential transaction model to provide faster total batch verification time than other state-of-the-art constructions without a trusted setup.
|
||||||
cryptonote: Cryptonote Whitepapers
|
cryptonote: Cryptonote Whitepapers
|
||||||
cryptonote-whitepaper: Cryptonote Whitepaper
|
cryptonote-whitepaper: Cryptonote Whitepaper
|
||||||
|
|
|
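Review bot: The added `iacr2020312_note` string says the paper was retracted but gives no reason and no guidance on whether the construction should still be relied on, while the unchanged `iacr2020312_abstract` right after it still presents the soundness assumption (a "novel dual discrete-logarithm hardness assumption") and the performance claims as current. Consider stating in the note that the results should not be relied on, or pointing to where the reason for the retraction is given. Two wording points on the same line: "view it clicking on" should read "view it by clicking on", and the quoted label 'All versions of this report' is text from an external site, so translators need a hint to leave it as is. The hard-coded "NOTE:" prefix would also be cleaner as markup in the template than inside the translatable string.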
@ -19,6 +19,7 @@ permalink: /resources/research-lab/index.html
|
||||||
<input id="tab-2020312" type="checkbox" name="tabs" class="accordion">
|
<input id="tab-2020312" type="checkbox" name="tabs" class="accordion">
|
||||||
<label for="tab-2020312" class="accordion">IACR 2020/312: {% t research-lab.iacr2020312 %}</label>
|
<label for="tab-2020312" class="accordion">IACR 2020/312: {% t research-lab.iacr2020312 %}</label>
|
||||||
<div class="tab-content">
|
<div class="tab-content">
|
||||||
|
<p>{% t research-lab.iacr2020312_note %}</p>
|
||||||
<p><strong>{% t research-lab.abstract %}:</strong> {% t research-lab.iacr2020312_abstract %}</p>
|
<p><strong>{% t research-lab.abstract %}:</strong> {% t research-lab.iacr2020312_abstract %}</p>
|
||||||
<div class="center-xs">
|
<div class="center-xs">
|
||||||
<p><a class="btn-link btn-auto btn-primary" target="_blank" rel="noreferrer noopener" href="https://eprint.iacr.org/2020/312">{% t research-lab.read-paper %}</a></p>
|
<p><a class="btn-link btn-auto btn-primary" target="_blank" rel="noreferrer noopener" href="https://eprint.iacr.org/2020/312">{% t research-lab.read-paper %}</a></p>
|
||||||
|
|
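Review bot: The new `<p>{% t research-lab.iacr2020312_note %}</p>` sits inside `<div class="tab-content">`, so the retraction is visible only after the accordion is expanded; the `<label for="tab-2020312" class="accordion">` line still shows the bare title with no marker. Consider flagging the retraction in the label as well, and giving the paragraph some emphasis (the abstract label directly below uses `<strong>`), since it currently renders as ordinary body text. The "read paper" button still links to https://eprint.iacr.org/2020/312 unchanged, which matches the note's instruction to use 'All versions of this report' from there, but it is worth confirming that the target page actually offers that link before merging.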