# A multi-authority attribute ring signature supporting dynamic policies and dual anonymity for zero-trust networks

**Authors:** Jinhong Chen, Xueguang Zhou, Wei Fu, Yihuan Mao, Jiaqi Wang

PMC · DOI: 10.1038/s41598-026-40089-2 · Scientific Reports · 2026-02-17

## TL;DR

This paper introduces a new secure authentication method for zero-trust networks using decentralized identity and anonymity-preserving signatures.

## Contribution

A novel multi-authority attribute ring signature scheme is proposed, supporting dynamic policies and dual anonymity.

## Key findings

- The scheme enables distributed key generation by multiple authorities and achieves existential unforgeability.
- The proposed method reduces computational costs by approximately 30% compared to existing ring signatures.
- The approach is based on the SM9 cryptographic standard and is suitable for DID-driven zero-trust networks.

## Abstract

The advent of Decentralized Identity (DID) technology is fundamentally changing the way digital identity is managed, allowing user-controlled, privacy-preserving authentication across trust domains a fundamental requirement if zero trust architectures are to be realized, in which continuous verification and least-privilege access are inherent properties. Under traditional ABS (attribute-based signature) schemes, these are difficult to achieve as fine-grained access control is not always possible in practice and anonymity may not be straightforward when policy is evolving dynamically and different authorities may be involved. In this paper, we present a new multi-authority attribute ring signature scheme, which leverages DID philosophy and anonymous credential techniques, enabling users to mix attributes dynamically according to the policies of veriers without disclosing their pseudonyms or partial attributes. The proposed scheme enables distributed key generation by multiple authorities and is shown to be secure in the random oracle model, achieving existential unforgeability against adaptive chosen-message, identity, and attribute attacks (EUF-CMIAA) as well as full signer and attribute anonymity. Based on the SM9 cryptographic standard, our approach reduces the number of \documentclass[12pt]{minimal}
				\usepackage{amsmath}
				\usepackage{wasysym} 
				\usepackage{amsfonts} 
				\usepackage{amssymb} 
				\usepackage{amsbsy}
				\usepackage{mathrsfs}
				\usepackage{upgreek}
				\setlength{\oddsidemargin}{-69pt}
				\begin{document}$$\mathbb {G}_T$$\end{document} exponentiations and scalar multiplications during signing by approximately 30% compared to existing ring signatures, offering a practical and efficient authentication solution for emerging DID-driven zero-trust networks.

## Full-text entities

- **Genes:** SdhB (Succinate dehydrogenase, subunit B (iron-sulfur)) [NCBI Gene 35590] {aka CG3283, CII-SDHB, DHSB, Dmel\CG3283, Ip, SDH}
- **Diseases:** DID (MESH:D009105)
- **Chemicals:** GJJ2405006 (-)

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC13004895/full.md

## Figures

2 figures with captions in the complete paper: https://tomesphere.com/paper/PMC13004895/full.md

## References

11 references — full list in the complete paper: https://tomesphere.com/paper/PMC13004895/full.md

---
Source: https://tomesphere.com/paper/PMC13004895