Source: HelloFuture

Introduction

Cryptocurrencies have been widely adopted partly because they offer privacy for financial transactions, a feature that can be used for legitimate and illicit purposes.

One cryptographic technique contributing to this privacy feature is Ring Signatures, a concept introduced in 2001 by Rivest, Shamir, and Tauman. This technique was initially designed for privacy-preserving digital signatures and was adopted for blockchain technology by CryptoNote in 2012. Ring Signatures allow for the anonymity of transactions by concealing the sender’s signature among a group of decoy addresses.

What are Ring Signatures?

Ring signatures are a type of cryptographic digital signature that allows a signer to prove they have signed a message while keeping their identity concealed from potential signers.

In traditional digital signatures, a signature is associated with a specific sender. The signature is created using a private key and can be verified with the corresponding public key. This means that the digital signature confirms the claimed sender sent the message through verification with the sender’s public key.

In contrast, a ring signature hides the signer’s identity within a group of randomly selected public keys, known as a “Ring,” which includes multiple participants.

How Do Ring Signatures Work?

Ring signatures function by allowing a signer to generate a verifiable signature without revealing which specific member of a group signed the message. To sign a message, the anonymous signer requires his private key and the public keys of the people in the group.

Source: Semanticscholar

The actual signer chooses a group of public keys, including their own, to form a ring, and a mathematical function blends the private key of the actual signer with the public keys of others.

The resulting signature is indistinguishable from a signature that any of the other public keys could have produced, and anyone can verify that the signature is valid and was signed by someone in the group. However, identifying the actual signer remains computationally infeasible.

Ring Signatures and Blockchain Technology

Public blockchains keep a record of all transactions, although these records are stored as binary and hexadecimal, on-chain analysts can track the activity of addresses and easily create a link between the sender and receiver of a transaction, denying them their privacy. Hence, a need for a feature that hides their activity.

The use of Ring Signature in cryptocurrency can be traced to the launch of CryptoNote in 2012, an application layer protocol designed for use with cryptocurrencies that aims to solve specific problems identified in Bitcoin. It would serve as the foundation for popular privacy-focused cryptocurrencies such as Monero and Mobilecoin.

Monero

Monero is a privacy-focused and censorship-resistant cryptocurrency, known for features that make it extremely difficult for transactions to be traced or tracked. It combines ring signatures, stealth addresses, and ring confidential transactions to create a private transaction.

How Monero Applies Ring Signatures

Monero’s ring signature uses the sender’s account keys along with several public keys (also known as outputs) taken from previous transactions of other users. This creates a ring of potential signers. As a result, an outside observer cannot determine which signer in the group corresponds to your account.

Source: Messari

Mobilecoin

Operating like Monero, MobileCoin transactions use a Ring Signature construction to demonstrate that the actual input used for the payment is part of a larger set, without disclosing which specific input was spent. However, Mobilecoin uses a more lightweight implementation of ring signatures to make transactions efficient.

Notable Alternatives to Ring Signatures

Zero-Knowledge Proofs

Zero-knowledge proof is a cryptographic method that allows one party (the prover) to prove to another party (the verifier) that a statement is true without revealing any information beyond the validity of the statement itself.

Unlike Ring Signatures, which only hide the sender, ZK Proofs can conceal the sender, receiver, and transaction amount. This makes ZK Proofs far more private than Ring Signatures. For example, zk-SNARKs produce very small proof sizes, making transactions lighter than Monero’s growing ring signature sets.

Despite their advantages, ZK Proofs are cryptographically complex and computationally expensive, making implementation challenging for many blockchains.

Confidential Transactions

A Confidential Transaction is a cryptographic technique that conceals the transaction amount while ensuring its integrity and validity. It focuses on hiding transaction amounts through Pedersen Commitments, which allow nodes to verify that a transaction is valid without revealing the actual amounts.

Confidential Transactions do not obscure the sender or receiver and are usually combined with other privacy methods (like stealth addresses or Bulletproofs) for complete anonymity.

Comparison of Ring Signatures, Zk Proofs, and Confidential Transactions

Advantages of Ring Signatures

Privacy

Ring signatures obscure the sender’s identity by mixing their transaction input with decoys from a larger set of possible signers; with this, an observer cannot determine which ring member initiated the transaction.

Decentralization

Users do not need to interact with others to form a ring signature group; they can generate a transaction on their own while still using multiple decoys for privacy.

Unlinkability

Transactions signed with ring signatures cannot be linked to a particular sender, even if the same user signs multiple transactions. This is because each transaction produces a new, unique cryptographic signature that does not reveal whether the same private key was used before.

Disadvantages of Ring Signatures

Higher Computational Costs

Due to multiple public keys being included in the signature, ring signatures lead to larger transaction sizes, which can cause network congestion and slow down transactions, subjecting users to higher fees.

Risk of Abuse

Ring signatures’ strong privacy guarantees make them attractive tools for illicit activities. Criminals can use privacy coins with ring signatures to transfer illicit funds or purchase illegal items.

Anonymity is not Guaranteed

While ring signatures enhance privacy, they do not provide absolute anonymity. The anonymity set is limited to the number of decoys included in a transaction. The true sender may still be identifiable through rigorous analysis if the ring size is small.

Regulatory Restrictions

Ring signatures have drawn increased scrutiny from governments and financial regulators. In 2020, the U.S. Secret Service recommended stricter regulations on privacy-focused cryptocurrencies, citing concerns about their potential use in illegal activities. Countries like Japan have already banned privacy coins from regulated exchanges.

Conclusion

Ring signatures are a cryptographic technology that conceals a sender’s identity among possible signers, making it difficult for observers to identify who initiated a transaction. While this technology provides anonymity, it’s not without its challenges. Transactions can become larger due to the added data required for anonymity, which may lead to slower processing times and increased fees. Also, anonymity can be misused for fraudulent activities, complicating the balance between privacy and security.

Prominent blockchain projects like Monero and Mobilecoin use ring signatures as key components of their privacy strategies. Combined with other privacy features, ring signatures create a reliable framework for protecting user privacy on the blockchain.