An Improved Lattice-Based Ring Signature With Unclaimable Anonymity in the Standard Model

Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring, without revealing exactly which member of that ring actually generated the signature. The signer-anonymity property makes ring signatures have been an active research topic. Recently, Park and Sealfon (PS; CRYPTO'19) presented an important anonymity notion named signer-unclaimability and constructed a lattice-based ring signature scheme with unclaimable anonymity in the standard model; however, it did not consider the unforgeable w.r.t. adversarially chosen-key attack (the public key ring of a signature may contain keys created by an adversary) and the signature size grows quadratically in the size of ring and message. In this work, we propose a new lattice-based ring signature scheme with unclaimable anonymity in the standard model. In particular, our work improves the security and efficiency of PS work, which is unforgeable w.r.t. adversarially chosen-key attack, and the ring signature size grows linearly in the ring size.