Deanonymizable Scoped Linkable Ring Signatures

TL;DR

The paper introduces DSLRS, a novel cryptographic signature scheme that combines scoped linkability, unlinkability, and decentralized accountability, suitable for privacy-sensitive applications like healthcare.

Contribution

DSLRS uniquely integrates scoped linkability with decentralized deanonymization in a single scheme without relying on external commitments or centralized authorities.

Findings

DSLRS provides scoped linkability and unlinkability across different contexts.

The scheme is proven secure under ECDLP and DDH assumptions in the ROM.

A blockchain-based instantiation demonstrates practical application in consent management.

Abstract

Although ring signatures offer highly desirable privacy requirements like anonymity and ad-hoc group formation with signer autonomy, they partially lack trust requirements like linkability and accountability that are required for strict use-cases, such as consent management in healthcare. Existing signature schemes fail to natively integrate scoped linkability with decentralized accountability (on-demand deanonymization) in a single scheme without relying on separate commitments or a centralized opener. We therefore introduce Deanonymizable Scoped Linkable Ring Signatures (DSLRS). The originality of the DSLRS is manifold. DSLRS uses scopes (context identifiers) and dynamic key images to provide scoped linkability and unlinkability across different scopes. Decentralized accountability is provided thanks to two ELGamal components deeply embedded in the signature, and a decentralized deanonymization network of k-of-N nodes that can collaboratively extract the signer's public key. DSLRS scheme is defined and proved under the ECDLP and DDH hardness assumptions in the Random Oracle Model (ROM). Formal security definitions and formal reduction proofs are provided before introducing a blockchain-based instantiation for a consent management application using DSLRS.