{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:43:47Z","timestamp":1760060627515,"version":"build-2065373602"},"reference-count":62,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T00:00:00Z","timestamp":1757635200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"HKU-SCF FinTech Academy, Shenzhen-Hong Kong-Macao Science and Technology Plan Project","award":["SGDX20210823103537030","T35-710\/20-R"],"award-info":[{"award-number":["SGDX20210823103537030","T35-710\/20-R"]}]},{"name":"RGC, Hong Kong","award":["SGDX20210823103537030","T35-710\/20-R"],"award-info":[{"award-number":["SGDX20210823103537030","T35-710\/20-R"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Traceable ring signatures (TRSs) allow a signer to create a signature that maintains anonymity while enabling traceability if needed. It merges the characteristics of traditional ring signatures with the ability to trace signers, making it ideal for applications that demand both confidentiality and accountability. In a TRS scheme, a ring of potential signers generates a signature on a message without disclosing the actual signer\u2019s identity. However, the identity can be traced if the signer uses the same tag for multiple signatures. This paper introduces a novel formal construction of TRS under universally composable (UC) security. We integrate verifiable random functions (VRFs) and zero-knowledge proofs for membership, employing Pedersen commitments. Our signature schemes maintain a logarithmic size while preserving the UC security guarantees. Additionally, we explore the potential to extend the property of one-time anonymity in TRS to K-time anonymity.<\/jats:p>","DOI":"10.3390\/cryptography9030059","type":"journal-article","created":{"date-parts":[[2025,9,12]],"date-time":"2025-09-12T13:43:02Z","timestamp":1757684582000},"page":"59","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Universally Composable Traceable Ring Signature with Verifiable Random Function in Logarithmic Size"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2703-5903","authenticated-orcid":false,"given":"Kwan Yin","family":"Chan","sequence":"first","affiliation":[{"name":"Department of Computer Science, The University of Hong Kong, Pokfulam, Hong Kong"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0629-6792","authenticated-orcid":false,"given":"Tsz Hon","family":"Yuen","sequence":"additional","affiliation":[{"name":"Department of Software Systems & Cybersecurity, Monash University, Clayton, VIC 3800, Australia"}]},{"given":"Siu Ming","family":"Yiu","sequence":"additional","affiliation":[{"name":"Department of Computer Science, The University of Hong Kong, Pokfulam, Hong Kong"}]}],"member":"1968","published-online":{"date-parts":[[2025,9,12]]},"reference":[{"key":"ref_1","unstructured":"W3C (2025, September 09). Decentralized Identifiers (DIDs) v1.0. Available online: https:\/\/www.w3.org\/TR\/did-1.0\/."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Canetti, R. (2001, January 14\u201317). Universally composable security: A new paradigm for cryptographic protocols. Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, Las Vegas, NV, USA.","DOI":"10.1109\/SFCS.2001.959888"},{"key":"ref_3","unstructured":"Okamoto, T., and Wang, X. (2007, January 16\u201320). Traceable Ring Signature. Proceedings of the PKC 2007, Beijing, China."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Hu, C., and Li, D. (August, January 30). Forward-Secure Traceable Ring Signature. Proceedings of the Eighth ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel\/Distributed Computing (SNPD 2007), Qingdao, China.","DOI":"10.1109\/SNPD.2007.222"},{"key":"ref_5","unstructured":"Kiayias, A. (2011, January 14\u201318). Sub-linear Size Traceable Ring Signatures without Random Oracles. Proceedings of the CT-RSA 2011, San Francisco, CA, USA."},{"key":"ref_6","unstructured":"Ding, J., and Steinwandt, R. (2019, January 8\u201310). A Traceable Ring Signature Scheme Based on Coding Theory. Proceedings of the Post-Quantum Cryptography, Chongqing, China."},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"1111","DOI":"10.1007\/s10623-021-00863-x","article-title":"Traceable ring signatures: General framework and post-quantum security","volume":"89","author":"Feng","year":"2021","journal-title":"Des. Codes Cryptogr."},{"key":"ref_8","unstructured":"Carlet, C., Mandal, K., and Rijmen, V. (2023, January 27\u201331). Traceable Ring Signatures from Group Actions: Logarithmic, Flexible, and Quantum Resistant. Proceedings of the SAC 2023, Tallinn, Estonia."},{"key":"ref_9","unstructured":"Liu, J.K., Chen, L., Sun, S.F., and Liu, X. (2025, January 25\u201327). Traceable Ring Signatures: Logarithmic-Size, Without Any Setup, from Standard Assumptions. Proceedings of the ProvSec 2024, Gold Coast, QLD, Australia."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.tcs.2012.10.031","article-title":"Secure ID-based linkable and revocable-iff-linked ring signature with constant-size construction","volume":"469","author":"Au","year":"2013","journal-title":"Theor. Comput. Sci."},{"key":"ref_11","unstructured":"Pernul, G., Ryan, P.Y.A., and Weippl, E. (2015, January 21\u201325). Short Accountable Ring Signatures Based on DDH. Proceedings of the ESORICS 2015, Vienna, Austria."},{"key":"ref_12","unstructured":"Liu, Z., and Yung, M. (2019, January 6\u20138). Revocable and Linkable Ring Signature. Proceedings of the Inscrypt 2019, Nanjing, China."},{"key":"ref_13","unstructured":"Conti, M., Stevens, M., and Krenn, S. (2021, January 13\u201315). Report and Trace Ring Signatures. Proceedings of the CANS 2021, Vienna, Austria."},{"key":"ref_14","unstructured":"Devismes, S., Petit, F., Altisen, K., Di Luna, G.A., and Fernandez Anta, A. (2022, January 15\u201317). Improving the Efficiency of Report and Trace Ring Signatures. Proceedings of the SSS 2022, Clermont-Ferrand, France."},{"key":"ref_15","unstructured":"Bertino, E., Shulman, H., and Waidner, M. (2021, January 4\u20138). One-Time Traceable Ring Signatures. Proceedings of the ESORICS 2021, Darmstadt, Germany."},{"key":"ref_16","unstructured":"Mukhopadhyay, S., and St\u0103nic\u0103, P. (2024, January 18\u201321). Efficient Revocable Linkable Ring Signatures. Proceedings of the INDOCRYPT 2024, Chennai, India."},{"key":"ref_17","unstructured":"Boyd, C. (2001, January 9\u201313). How to Leak a Secret. Proceedings of the ASIACRYPT 2001, Gold Coast, Australia."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Zhang, B., Oliynykov, R., and Balogun, H. (2019, January 24\u201327). A Treasury System for Cryptocurrencies: Enabling Better Collaborative Intelligence. Proceedings of the NDSS 2019, San Diego, CA, USA. Available online: https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2019\/02\/ndss2019_02A-2_Zhang_paper.pdf.","DOI":"10.14722\/ndss.2019.23024"},{"key":"ref_19","unstructured":"Nakamoto, S. (2025, September 09). Bitcoin: A Peer-to-Peer Electronic Cash System. Available online: https:\/\/bitcoin.org\/bitcoin.pdf."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5195\/ledger.2016.34","article-title":"The Monero Research Lab Ring Confidential Transactions","volume":"1","author":"Noether","year":"2016","journal-title":"Ledger"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"102786","DOI":"10.1016\/j.sysarc.2022.102786","article-title":"Linked or unlinked: A systematic review of linkable ring signature schemes","volume":"134","author":"Odoom","year":"2023","journal-title":"J. Syst. Archit."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Liu, J.K., and Wong, D.S. (2005, January 9\u201312). Linkable ring signatures: Security models and new schemes. Proceedings of the ICCSA 2005, Singapore.","DOI":"10.1007\/11424826_65"},{"key":"ref_23","unstructured":"Wang, H., Pieprzyk, J., and Varadharajan, V. (2004, January 13\u201315). Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups. Proceedings of the ACISP 2004, Sydney, Australia."},{"key":"ref_24","unstructured":"Kohlweiss, M., Di Pietro, R., and Beresford, A. (2024, January 24\u201327). On the Anonymity of Linkable Ring Signatures. Proceedings of the CANS 2024, Cambridge, UK."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"115093","DOI":"10.1016\/j.tcs.2025.115093","article-title":"A linkable ring signature scheme with unconditional anonymity in the standard model","volume":"1033","author":"Hara","year":"2025","journal-title":"Theor. Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Boyen, X., and Haines, T. (2018). Forward-Secure Linkable Ring Signatures from Bilinear Maps. Cryptography, 2.","DOI":"10.3390\/cryptography2040035"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"2974","DOI":"10.1093\/comjnl\/bxac141","article-title":"Shorter Linkable Ring Signature Based on Middle-Product Learning with Errors Problem","volume":"66","author":"Lin","year":"2022","journal-title":"Comput. J."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Chow, S.S., Susilo, W., and Yuen, T.H. (2006, January 25\u201328). Escrowed linkability of ring signatures and its applications. Proceedings of the VIETCRYPT 2006, Hanoi, Vietnam.","DOI":"10.1007\/11958239_12"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Wang, X., Zhu, C., and Liu, Z. (2024). A Universally Composable Linkable Ring Signature Supporting Stealth Addresses. Mathematics, 12.","DOI":"10.3390\/math12030491"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"107922","DOI":"10.1016\/j.future.2025.107922","article-title":"BCE-PPDS: Blockchain-based cloud\u2013edge collaborative privacy-preserving data sharing scheme for IoT","volume":"174","author":"Wang","year":"2025","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_31","unstructured":"Noether, S. (2025, September 09). Ring Signature Confidential Transactions for Monero. Available online: https:\/\/eprint.iacr.org\/2015\/1098."},{"key":"ref_32","unstructured":"Foley, S.N., Gollmann, D., and Snekkenes, E. (2017, January 11\u201315). RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero. Proceedings of the ESORICS 2017, Oslo, Norway."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Yuen, T.H., Sun, S.F., Liu, J.K., Au, M.H., Esgin, M.F., Zhang, Q., and Gu, D. (2020, January 10\u201314). RingCT 3.0 for Blockchain Confidential Transaction: Shorter Size and Stronger Security. Proceedings of the FC 2020, Kota Kinabalu, Malaysia.","DOI":"10.1007\/978-3-030-51280-4_25"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Au, M.H., Susilo, W., and Yiu, S.M. (2006, January 3\u20135). Event-oriented k-times revocable-iff-linked group signatures. Proceedings of the ACISP 2006, Melbourne, Australia.","DOI":"10.1007\/11780656_19"},{"key":"ref_35","unstructured":"Kohlweiss, M., Di Pietro, R., and Beresford, A. (2024, January 24\u201327). Taming Delegations in Anonymous Signatures: k-Times Anonymity for Proxy and Sanitizable Signature. Proceedings of the CANS 2024, Cambridge, UK."},{"key":"ref_36","unstructured":"Micali, S., Rabin, M., and Vadhan, S. (1999, January 17\u201318). Verifiable random functions. Proceedings of the 40th Annual Symposium on Foundations of Computer Science, New York, NY, USA."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Galindo, D., Liu, J., Ordean, M., and Wong, J.M. (2021, January 6\u201310). Fully Distributed Verifiable Random Functions and their Application to Decentralised Random Beacons. Proceedings of the EuroS&P 2021, Vienna, Austria.","DOI":"10.1109\/EuroSP51992.2021.00017"},{"key":"ref_38","unstructured":"Nielsen, J.B., and Rijmen, V. (May, January 29). Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain. Proceedings of the EUROCRYPT 2018, Tel Aviv, Israel."},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Badertscher, C., Ga\u017ei, P., Kiayias, A., Russell, A., and Zikas, V. (2018, January 9). Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability. Proceedings of the ACM CCS 2018, CCS\u201918, New York, NY, USA.","DOI":"10.1145\/3243734.3243848"},{"key":"ref_40","unstructured":"Papadopoulos, D., Wessels, D., Huque, S., Naor, M., V\u010del\u00e1k, J., Reyzin, L., and Goldberg, S. (2025, September 09). Making NSEC5 Practical for DNSSEC. Available online: https:\/\/eprint.iacr.org\/2017\/099."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Jarecki, S., Kiayias, A., and Krawczyk, H. (2014, January 7\u201311). Round-optimal password-protected secret sharing and T-PAKE in the password-only model. Proceedings of the ASIACRYPT 2014, Kaoshiung, Taiwan, China.","DOI":"10.1007\/978-3-662-45608-8_13"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Giunta, E., and Stewart, A. (2024, January 26\u201330). Unbiasable Verifiable Random Functions. Proceedings of the EUROCRYPT 2024, Zurich, Switzerland.","DOI":"10.1007\/978-3-031-58737-5_6"},{"key":"ref_43","unstructured":"Vaudenay, S. (2005, January 23\u201326). A Verifiable Random Function with Short Proofs and Keys. Proceedings of the PKC 2005, Les Diablerets, Switzerland."},{"key":"ref_44","unstructured":"Feigenbaum, J. (1991, January 11\u201315). Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing. Proceedings of the CRYPTO 1991, Santa Barbara, CA, USA."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"469","DOI":"10.1109\/TIT.1985.1057074","article-title":"A public key cryptosystem and a signature scheme based on discrete logarithms","volume":"31","author":"Elgamal","year":"1985","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_46","unstructured":"Foley, S.N., Gollmann, D., and Snekkenes, E. (2017, January 11\u201315). A Traceability Analysis of Monero\u2019s Blockchain. Proceedings of the ESORICS 2017, Oslo, Norway."},{"key":"ref_47","unstructured":"Deng, R.H., Bao, F., Pang, H., and Zhou, J. (2005, January 11\u201314). Short Linkable Ring Signatures for E-Voting, E-Cash and Attestation. Proceedings of the ISPEC 2005, Singapore."},{"key":"ref_48","unstructured":"Oswald, E., and Fischlin, M. (2015, January 26\u201330). One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin. Proceedings of the EUROCRYPT 2015, Sofia, Bulgaria."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"3113","DOI":"10.1016\/j.dam.2007.12.010","article-title":"Pairings for Cryptographers","volume":"156","author":"Galbraith","year":"2006","journal-title":"Discret. Appl. Math."},{"key":"ref_50","unstructured":"Cachin, C., and Camenisch, J.L. (2004, January 2\u20136). Efficient Selective-ID Secure Identity-Based Encryption Without Random Oracles. Proceedings of the EUROCRYPT 2004, Interlaken, Switzerland."},{"key":"ref_51","unstructured":"Odlyzko, A.M. (1986, January 11\u201315). How To Prove Yourself: Practical Solutions to Identification and Signature Problems. Proceedings of the CRYPTO 1986, Santa Barbara, CA, USA."},{"key":"ref_52","unstructured":"Rabin, T. (2010, January 15\u201319). Credential Authenticated Identification and Key Exchange. Proceedings of the CRYPTO 2010, Santa Barbara, CA, USA."},{"key":"ref_53","unstructured":"Agrawal, S., and Lin, D. (2022, January 5\u20139). Triply Adaptive UC NIZK. Proceedings of the ASIACRYPT 2022, Taipei, Taiwan."},{"key":"ref_54","unstructured":"Lai, X., and Chen, K. (2006, January 3\u20137). Simulation-Sound NIZK Proofs for a Practical Language and Constant Size Group Signatures. Proceedings of the ASIACRYPT 2006, Shanghai, China."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Kilian, J. (2001, January 19\u201323). Universally Composable Commitments. Proceedings of the CRYPTO 2001, Santa Barbara, CA, USA.","DOI":"10.1007\/3-540-44647-8_2"},{"key":"ref_56","first-page":"6097","article-title":"PkT-SIN: A secure communication protocol for space information networks with periodic k-time anonymous authentication","volume":"19","author":"Yang","year":"2024","journal-title":"IEEE TIFS"},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Tian, Y., Zhang, S., Yang, G., Mu, Y., and Yu, Y. (2017, January 3\u20135). Privacy-preserving k-time authenticated secret handshakes. Proceedings of the ACISP 2017, Auckland, New Zealand.","DOI":"10.1007\/978-3-319-59870-3_16"},{"key":"ref_58","first-page":"273","article-title":"Ueber bilineare Formen","volume":"68","author":"Kronecker","year":"1868","journal-title":"J. F\u00fcR Reine Angew. Math."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1080\/0025570X.1984.11977069","article-title":"The generalized Vandermonde matrix","volume":"57","author":"Kalman","year":"1984","journal-title":"Math. Mag."},{"key":"ref_60","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/0020-0190(78)90067-4","article-title":"A probabilistic remark on algebraic program testing","volume":"7","author":"Demillo","year":"1978","journal-title":"Inf. Process. Lett."},{"key":"ref_61","doi-asserted-by":"crossref","unstructured":"Ng, E.W. (1979, January 1). Probabilistic algorithms for sparse polynomials. Proceedings of the International Symposium on Symbolic and Algebraic Computation, Marseille, France.","DOI":"10.1007\/3-540-09519-5"},{"key":"ref_62","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1145\/322217.322225","article-title":"Fast Probabilistic Algorithms for Verification of Polynomial Identities","volume":"27","author":"Schwartz","year":"1980","journal-title":"J. ACM"}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/3\/59\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:44:42Z","timestamp":1760035482000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/3\/59"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,12]]},"references-count":62,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,9]]}},"alternative-id":["cryptography9030059"],"URL":"https:\/\/doi.org\/10.3390\/cryptography9030059","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,9,12]]}}}