[Verifpal] Feature request: ring signatures

Nadim Kobeissi nadim at symbolic.software
Thu Feb 6 15:46:07 CET 2020

Dear Sebastian,

Ring signatures sounds like a great primitive to add to Verifpal. I propose the following interface:

principal Alice[
	knows private a
	knows private m
	ga = G^a
	// Alice has previously received G^b, G^c
	s = RINGSIGN(a, m, G^a, ga, gc)

Alice -> Bob: m, s, ga

principal Bob[
	_ = RINGSIGNVERIF(ga, m, s, ga, G^b, gc)?

Would this interface work for your use case?

Thank you,

Nadim Kobeissi
Symbolic Software • https://symbolic.software

> On 5 Feb 2020, at 10:01 PM, Sebastian Reynaldo Verschoor via Verifpal <verifpal at lists.symbolic.software> wrote:
> Hi,
> Not sure if this is the way to do it, but I'd like to request a new crypto primitive for Verifpal, namely ring signatures.
> The reason is that I'd be interested in modelling OTRv4, where ring signatures are used for deniability. (In that context, I would only need unlinkable, untraceable signatures over three public keys, if that makes the request easier?)
> As a possible alternative, I was wondering if you are planning the option for the user to construct their own primitives in some future release?
> Thanks,
> Sebastian
> _______________________________________________
> Verifpal mailing list
> Verifpal at lists.symbolic.software
> https://lists.symbolic.software/mailman/listinfo/verifpal

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.symbolic.software/pipermail/verifpal/attachments/20200206/bb323622/attachment.sig>

More information about the Verifpal mailing list