Journal of Frontiers of Computer Science and Technology

• Academic Research •

Identity-Based Linkable Ring Signature from Lattice in Random Oracle Model

XIE Jia, WANG Lu, LIU Shizhao, GAO Juntao, WANG Baocang   

  1. School of Computer and Information Engineering, Henan University of Economics and Law, Zhengzhou 450046, China
  2. School of Telecommunications Engineering, Xidian University, Xi’an 710071, China
  • Online: 2023-12-12 Published: 2023-12-12

Abstract: As a simplified form of group signature, a ring signature has no administrator role and requires no cooperation among ring members; the signer needs only their own private key and the public keys of the other ring members to sign. Because of its inherent anonymity, the ring signature is widely used in scenarios such as anonymous voting, e-cash and vehicular ad-hoc networks. As a variant of the ring signature concept, a linkable ring signature makes it possible to verify whether two signatures come from the same signer while preserving anonymity, thus effectively addressing problems such as malicious reporting in reporting systems and double spending in blockchain systems, which further broadens the application scenarios of ring signatures. This paper proposes an identity-based linkable ring signature scheme from lattices. The scheme uses the G-trapdoor generation technique to generate the system key, uses its improved trapdoor delegation technique together with the preimage sampling algorithm to extract user private keys, and uses rejection sampling under the bimodal Gaussian distribution to generate signatures. Security analysis shows that the proposed scheme satisfies unconditional anonymity, unforgeability and linkability in the random oracle model, and that its security can be reduced to the short integer solution (SIS) problem on lattices. Compared with existing schemes, both the signature generation time and the signature verification time are reduced by about 50%. Finally, an e-voting protocol is designed by combining the proposed scheme with an XOR-based secret sharing algorithm, which ensures the privacy and fairness of the e-voting system.

Key words: linkable ring signature, lattice, anonymity, G-trapdoor, rejection sampling