SM2-DualRing: Efficient SM2-based ring signature schemes with logarithmic size

As an equivalent of a handwritten signature, digital signature can resist against information tampering and identity impersonation during digital communication, but it fails to meet the specific anonymity requirement in circumstances like voting, credit reporting, and whistle-blowing. Ring signature was introduced as a special digital signature to further achieve anonymity, and classical schemes constructed from single ring were faced with linearly increasing size. In CRYPTO 2021, Yuen et al. proposed a novel construction paradigm (namely, DualRing) for reaping logarithmic-sized ring signature. Existing DualRing-based ring signature schemes are based on its supported Type-T standard signature algorithms (Three-move type, e.g. Schnorr signature). In this paper, we are motivated to seek a SM2-based ring signature scheme upon the DualRing technology, among which the SM2 digital signature is widely adopted as an international standard but not with a Type-T architecture. Therefore, we first transform the SM2 digital signature into Type-T and integrate DualRing with the variant of the SM2 digital signature. After that, we prove the unforgeability and anonymity of our schemes, together with proposing optimized and linkable schemes. Finally, we put our schemes into practice to display their performance in communication and computation costs.

Automated summary

Digital signature provides resistance against information tampering and identity impersonation, but lacks specific anonymity requirement for scenarios such as voting and whistle-blowing. Ring signature was introduced for achieving anonymity, but existing schemes face size limitations. In this paper, a novel construction paradigm called DualRing is proposed for logarithmic-sized ring signature. The SM2 digital signature is transformed into Type-T and integrated with DualRing technology, proving unforgeability and anonymity. Optimized and linkable schemes are proposed, and the performance in communication and computation costs are demonstrated.