mirror of
https://github.com/monero-project/monero-site.git
synced 2024-10-30 21:17:40 +00:00
38 lines
1.9 KiB
Markdown
38 lines
1.9 KiB
Markdown
---
|
|
summary: 'a group of cryptographic signatures with at least one real participant, but no way to tell which in the group is the real one as they all appear valid'
|
|
terms: ["ring-signature", "ring-signatures"]
|
|
---
|
|
|
|
{% include disclaimer.html translated="no" translationOutdated="no" %}
|
|
|
|
### The Basics
|
|
|
|
In cryptography, a ring signature is a type of digital signature that can be
|
|
performed by any member of a group of users that each have keys. Therefore,
|
|
a message signed with a ring signature is endorsed by someone in a
|
|
particular group of people. One of the security properties of a ring
|
|
signature is that it should be computationally infeasible to determine
|
|
*which* of the group members' keys was used to produce the signature.
|
|
|
|
For instance, a ring signature could be used to provide an anonymous
|
|
signature from "a high-ranking White House official", without revealing
|
|
which official signed the message. Ring signatures are right for this
|
|
application because the anonymity of a ring signature cannot be revoked, and
|
|
because the group for a ring signature can be improvised (requires no prior
|
|
setup).
|
|
|
|
### Application to Monero
|
|
|
|
A ring signature makes use of your @account keys and a number of public keys
|
|
(also known as outputs) pulled from the @blockchain using a triangular
|
|
distribution method. Over the course of time, past outputs could be used
|
|
multiple times to form possible signer participants. In a "ring" of possible
|
|
signers, all ring members are equal and valid. There is no way an outside
|
|
observer can tell which of the possible signers in a signature group belongs
|
|
to your @account. So, ring signatures ensure that transaction outputs are
|
|
untraceable. Moreover, there are no @fungibility issues with Monero given
|
|
that every transaction output has plausible deniability (e.g. the network
|
|
can not tell which outputs are spent or unspent).
|
|
|
|
To read how Monero gives you privacy by default (unlinkability), see
|
|
@stealth-addresses.
|