Unfortunately the only ring signature implementations I found on a quick inspection are pairing-based. PBC has Zhang & Kim's "ID-Based Blind Signature and ring from pairings" as an example: http://crypto.stanford.edu/pbc/
J. Ayo Akinyele implemented a couple pairing-based schemes using the CHARM library: http://www.charm-crypto.com/Main.html "X. Boyen. Mesh Signatures: How to Leak a Secret with Unwitting and Unwilling Participants" Paper: http://eprint.iacr.org/2007/094.pdf Code: https://github.com/JHUISI/charm/blob/dev/charm/schemes/pksig/pksig_cyh.py "S. Chow, S. Yiu and L. Hui - Efficient identity based ring signature." Paper: https://eprint.iacr.org/2004/327.pdf Code: https://github.com/JHUISI/charm/blob/dev/charm/schemes/pksig/pksig_boyen.py I also think there have been pairing-based ring signature implementations using the RELIC toolkit, but I didn't see any code online. Here's the toolkit though: https://code.google.com/p/relic-toolkit/ On Mon, Jun 16, 2014 at 7:02 AM, David Leon Gil <[email protected]> wrote: > > Is anyone aware of any implementation of EC ring signatures *not* using > pairing-based crypto? (If not, does anyone have any good ideas on the > strategy to pursue in, e.g., Ed25519?) > > (I know that the original RST ("How to leak a secret") scheme has been shown > insecure if public keys in the ring are been adversarially chosen. Though the > citation is eluding me after several searches, I believe there is a scheme > using ZAPs to fix this.) > > - David > > (PS If you are also on Messaging, apologies for the duplication; I mistakenly > posted this there originally.) > — > Sent using alpine: an Alternatively Licensed Program for Internet News and > Email > > _______________________________________________ > Curves mailing list > [email protected] > https://moderncrypto.org/mailman/listinfo/curves > _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
