Users place a consistent emphasis on privacy in cryptocurrencies, and significant developments in technology, together with how they are implemented in these distributed networks, have allowed for an impressive level of digital anonymity in value exchange.
Notably, a decisive technology known as ring signatures has been implemented in several privacy-focused cryptocurrencies, particularly the CryptoNote coins, which have emerged as the leaders in the user privacy realm.
Background of Ring Signatures
Ring signatures are a type of cryptographic digital signature and were actually invented back in 2001 by Ron Rivest, Adi Shamir, and Yael Tauman and subsequently introduced at Asiacrypt. The concept is similar to that of group signatures; however, there is no way to identify the actual signer of a ring signature transaction, and an arbitrary group of users can be included in the ring signature without any additional setup.
The original concept was for ring signatures to function as a way to leak secret information, specifically from high-ranking government officials, without actually revealing who signed the message. Since the original paper proposing ring signatures, there have been various optimizations and added features to the technology.
Eiichiro Fujisaki and Koutarou Suzuki proposed Traceable Ring Signatures in 2006 as an improvement to some of the vulnerabilities around ring signatures concerning manipulation by malicious or irresponsible signers. An optimized version of this type of ring signature is what is currently employed in the CryptoNote coins and is used to provide untraceability of the sender in a P2P transaction by obscuring the source of the inputs in the transaction.
Recently, the concept of Ring Confidential Transactions (Ring CTs) was discussed and implemented by Bitcoin Core developer Gregory Maxwell and then formally proposed by Monero Research Labs in 2015. Extending the anonymity capabilities of the original ring signature further, Ring CTs hide the actual transaction amounts between a sender and recipient instead of solely obfuscating the identity of the sender.
How Do Ring Signatures Work?
As mentioned earlier, ring signatures are a cryptographic digital signature that is similar to a group signature. However, ring signatures take the concept of group signatures further to provide better privacy for the user. In a P2P transaction format as is the case with cryptocurrencies, specifically using the CryptoNote coins as a reference, ring signatures protect the sender by obscuring the input side of a transaction so that it is computationally infeasible to determine who the actual signer of a transaction is.
Ring signatures are a more sophisticated scheme than the digital signatures typically used in other cryptocurrencies, such as ECDSA or Schnorr signatures. Ring signatures may require multiple different public keys for verification, and the word “ring” is used because the signature consists of a group of partial digital signatures from various users that come together to form a unique signature that is used to sign a transaction. This group is known as the ring and can be arbitrarily selected from outputs from other users on the blockchain. Conceptually, ring signatures are akin to multiple parties signing a check from a joint bank account, but with some implemented cryptographic methods, the actual signer is not distinguishable among the group.
The structure of a ring signature, using Monero as an example, basically works as follows:
- Alice wants to send Bob 10 Monero so she initiates a transaction through her Monero wallet to Bob.
- Alice’s digital signature for this transaction is a one-time spend key that starts with an output being spent from her wallet.
- The non-signers of the ring signature are past transaction outputs that are arbitrarily picked from the blockchain and act as decoys in the transaction.
- All ring members are plausible signers of the transaction and it is computationally infeasible for a third party to detect the actual signer.
- All of the outputs of the ring signature together make up the input of the transaction.
- The creator of the transaction (Alice) is provably eligible to spend the specified transaction amount without distinguishing her identity from the others in the ring.
- Although Alice’s public key is used in her own transaction, it may be arbitrarily used in other transactions in the Monero network as a muddling factor.
Further, the automatic creation of unique one-time keys prevents transaction linkability and is made possible through an optimization of the Diffie-Hellman key exchange.
A problem you may notice with anonymous transactions across a privacy-focused cryptocurrency network such as Monero is that preventing double-spending would be very difficult, and without guaranteed full double-spend protection the network would be useless as a digital currency. This is cleverly solved with the use of key images in conjunction with the ring signature scheme.
A key image is a cryptographic key that is derived from an output being spent and is part of every ring signature transaction. There is only one unique key image for each output on the blockchain, and a list of all used key images is maintained on the blockchain. Due to the cryptographic properties of key images, it is not possible to make a correlation between an output on the blockchain and its key image. As the CryptoNote website puts it, “All things considered, the key image is unavoidable, unambiguous, and yet an anonymous marker of the private key” used in a transaction. Any new ring signatures that use a duplicate of a key image are automatically rejected as being an attempted double-spend.
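The signing steps and the key-image check described above, as an added example that is not CryptoNote's or Monero's code: a linkable ring signature in which the real signer closes a chain of challenges around the decoys, and a node rejects any reused key image. The toy multiplicative group and the helper names (h_point, link, accept) are assumptions made for illustration.

```python
import hashlib, secrets

# Toy group (assumption): integers modulo the Mersenne prime 2^127 - 1.
# Its order is composite and small; real schemes use a prime-order curve group.
P = 2**127 - 1
N = P - 1                      # exponents are reduced modulo the group order
G = 3

def h(*parts):                 # hash arbitrary values to an exponent
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def h_point(pub):              # hash a public key to a group element
    return h("point", pub) % (P - 2) + 2

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def link(pub, image, s, c, msg):   # one step around the ring
    L = pow(G, s, P) * pow(pub, c, P) % P
    R = pow(h_point(pub), s, P) * pow(image, c, P) % P
    return h(msg, L, R)

def sign(msg, ring, idx, x):
    n = len(ring)
    image = pow(h_point(ring[idx]), x, P)          # key image: one per output key
    a = secrets.randbelow(N - 1) + 1
    s = [secrets.randbelow(N) for _ in range(n)]   # random responses for decoys
    c = [0] * n
    c[(idx + 1) % n] = h(msg, pow(G, a, P), pow(h_point(ring[idx]), a, P))
    for k in range(1, n):
        i = (idx + k) % n
        c[(i + 1) % n] = link(ring[i], image, s[i], c[i], msg)
    s[idx] = (a - c[idx] * x) % N                  # only the real key closes the ring
    return image, c[0], s

def verify(msg, ring, sig):
    image, c0, s = sig
    c = c0
    for pub, si in zip(ring, s):
        c = link(pub, image, si, c, msg)
    return len(s) == len(ring) and c == c0

def accept(msg, ring, sig, spent_images):          # node-side double-spend check
    ok = sig[0] not in spent_images and verify(msg, ring, sig)
    if ok:
        spent_images.add(sig[0])
    return ok
```

The verifier treats every ring member identically, so nothing in the signature marks the real index, while two signatures made with the same private key carry the same key image even when the decoys differ.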
Ring Confidential Transactions (Ring CTs)
While ring signatures focus on providing privacy for the sender of a transaction, the development of Ring CTs focused on adding privacy to both the sender and recipient through obfuscating the amount being transacted between them, among a few other modifications. They are an important improvement of the original ring signature technology.
In the initial ring signature format, outputs had to be broken up into separate rings since ring signatures could only contain outputs of the same value. Due to this, third parties were able to see the actual amounts being transacted. Implementing Ring CTs makes the transactions stored in the blockchain opaque rather than transparent as in a cryptocurrency such as Bitcoin.
Transactions using Ring CTs no longer need to be broken down and included in rings of same-sized outputs; rather, a wallet in a cryptocurrency using Ring CTs can arbitrarily select ring members from any output size. Ring CTs also use a commitment scheme that is enabled through a range proof. These range proofs prove that an amount used in a transaction is greater than 0 and less than some other number without actually revealing the amounts transacted. So, outside observers cannot actually see the transaction but can be assured through cryptographic verification that the transaction is valid.
Range proofs are an interesting concept with some fascinating recent developments that have important implications for future iterations of platforms aimed at maintaining user privacy.
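Why hidden amounts need a range proof, as an added example that is not taken from the article or from any Ring CT implementation: amounts are hidden in Pedersen-style commitments (an assumption, since the article does not name the commitment scheme), observers check only that inputs and outputs balance, and an out-of-range output that wraps around the group order also balances. The toy group and the function names are illustrative.

```python
import hashlib, secrets

# Toy group (assumption): integers modulo the Mersenne prime 2^127 - 1.
P = 2**127 - 1
N = P - 1                                   # exponents wrap modulo N
G = 3
# Second base derived by hashing, so no one knows its discrete log to base G.
H = int.from_bytes(hashlib.sha256(b"toy H").digest(), "big") % (P - 2) + 2

def commit(amount, blind):
    """Hide `amount` behind a random blinding factor."""
    return pow(G, blind, P) * pow(H, amount % N, P) % P

def product(commitments):
    out = 1
    for c in commitments:
        out = out * c % P
    return out

def balances(inputs, outputs):
    """What an observer can check: both sides commit to the same total."""
    return product(inputs) == product(outputs)

def make_tx(in_amounts, out_amounts):
    """Commit to every amount; the last output blind makes the blinds cancel."""
    in_blinds = [secrets.randbelow(N) for _ in in_amounts]
    out_blinds = [secrets.randbelow(N) for _ in out_amounts[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % N)
    ins = [commit(a, b) for a, b in zip(in_amounts, in_blinds)]
    outs = [commit(a, b) for a, b in zip(out_amounts, out_blinds)]
    return ins, outs

def honest_and_wrapped():
    """10 -> 7 + 3 balances, and so does 10 -> 11 + (-1) without a range proof."""
    honest = balances(*make_tx([10], [7, 3]))
    wrapped = balances(*make_tx([10], [11, -1]))
    return honest, wrapped
```

The balance check alone cannot tell the two transactions apart, which is the gap the range proof on each output closes.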
Implementations of Ring Signatures
Ring signatures are a vital component of many privacy-focused cryptocurrencies and should become more relevant moving forward as a sort of standard implementation for digital signature schemes when a degree of anonymity is sought for the user.
The CryptoNote coins are the most well-known privacy-focused coins that provide ring signatures and Ring CTs. Some of the more prominent CryptoNote coins include Monero and Bytecoin, with Bytecoin being the first CryptoNote-based currency.
Discussions about implementing ring signatures and other privacy-preserving methods that have arisen as a result of recent technological innovations have been floated for various legacy cryptocurrencies that are looking to provide better privacy for their users.
There are many components that go into creating and maintaining a cryptocurrency network that provides user anonymity. Ring signatures and their subsequent optimization with Ring CTs are vital to obscuring sender identities and transacted amounts across a network.
More emphasis will continue to be placed on privacy as mainstream adoption of cryptocurrencies moves forward. With novel technologies being innovated at an accelerated pace, it will be fascinating to watch the continued development and ultimate end results of these privacy-centric networks.