Skip to Main Content
The concept of ring signature was first introduced by Rivest et al. in 2001. In a ring signature, instead of revealing the actual identity of the message signer, it specifies a set of possible signers. The verifier can be convinced that the signature was indeed generated by one of the ring members; however, the verifier is unable to tell which member actually produced the signature. A convertible ring signature scheme allows the real signer to convert a ring signature into an ordinary signature by revealing secret information about the ring signature. Thus, the real signer can prove the ownership of a ring signature if necessary, and the the other members in the ring cannot prove the ownership of a ring signature. Based on the original ElGamal signature scheme, a generalized ring signature scheme was proposed for the first time in 2008. The proposed ring signature can achieve unconditional signer ambiguity and is secure against adaptive chosen-message attack in the random oracle model. By comparing to ring signatures based on RSA algorithm, the authors claimed that the proposed generalized ring signature scheme is convertible. It enables the actual message signer to prove to a verifier that only she is capable of generating the ring signature. Through cryptanalysis, we show that the convertibility of the generalized ring signature scheme cannot be satisfied. Everyone in the ring signature has the ability to claim that she generates the generalized ring signature.