In this paper, we propose a new ID-based event-oriented linkable ring signature scheme,
with an option as revocable-iff-linked. With this option, if a user generates two linkable ring
signatures in the same event, everyone can compute his identity from these two signatures.
We are the first in the literature to propose such a secure construction in an ID-based
setting. Even compared with other existing non ID-based schemes, we enjoy significant
efficiency improvement, including constant signature size and linking complexity.
Our scheme can be also regarded as a normal ID-based ring signature. We are also the
first to propose such a scheme with constant signature size and enhanced privacy, namely
the signer is anonymous even to the PKG who has the master secret key.
We prove the security