Abstract
-
A ring signature scheme provides signer ambiguity by hiding a signer in a ring of arbitrary members
appropriately. A convertible ring signature scheme is an extension of a ring signature scheme that authenticates
a signer and proves that a real signer and no one else generated a ring signature. In this paper, we first show
that the recent convertible ring signature scheme proposed by Jeong et al. [16] is vulnerable to collusion attacks.
Second, we present a formal security model for a convertible ring signature with collusion resistance. The
security notion of a convertible ring signature is intrinsically different from that of an ordinary ring signature
due to the conversion property. For our collusion resistance, we consider full key exposure, that is, even an
adversary who knows all secret keys will not be able to break the collusion resistance. Finally, we construct a
novel convertible ring signature scheme with collusion resistance and prove the security of the scheme in the
presented security model. We also compare our scheme with the existing ring signature schemes in the literature
to show its advantages.