element of the ring uses an EX-OR function from the previous element (Figure 1).

Continue on medium.comEach of the random values for the other participants are then encrypted with the public key of the given participant. Bob then computes the value of ys in order to create the ring (the result of the ring must equal v). He will then inverse this value to produce the equivalent private key (xs). Bob now releases the overall signature, and the random x values, along with the computed secret key. To check the signature, the receive just computes the ring, and checks that the result matches the sent signature.

The basic method are:

1. Generate encryption with with k=Hash(message).

2. Generate a random value (u).

3. Encrypt u to give v=Ek(u).

4. For each person (apart from the sender):

4.1 Calculate e=si^{Pi} (mod Ni) and where si is the random number generated for the secret key of the ith party, and Pi is the public key of the party. 4.2 Calculate v=v⊕e5. For the signed party (z), calculate sz=(v⊕u)^d (mod Nz) and where d is the secret key of the signing party.

We will end up with the signature (v=Ek(u)), and which completes the ring.

I have created a demonstration of the original method here, and here is an outline presentation of the method [slides]:

A demo of the methods involved in this article is here. The basic method involves creating Bob creating fake private keys for the other people in the ring:

The verification of the ring is then:

Rings Signatures in MoneroThe major problem with the Bitcoin network, is that the amount of a transaction and the sender and receive of the funds are not private, and someone who knows someones address can trace their transactions. This is the case because the blockchain needs to check that the sender has enough funds to pay the recipient.Thus many cryptocurrencies are looking for ways of anonymising the transaction. Ethereum, for example, uses zk-Snarks to hide identities.

One method of preserving identity was proposed by Rivest et al and uses RSA encryption. Unfortunately it is not efficient for modern systems, thus Greg Maxwell’s defined an elliptic curve methods as a new way of creating the ring signature: the Borromean ring signature [paper].

The cryptocurrency Monero then adopted the method for anonymising transactions, but have since migrated to a new method: Multi-layered Linkable Spontaneous Anonymous Group signature. This method hides the transaction amount and the identity of the payer and recipient [paper]. It is now known as RingCT (Ring Confidential Transactions), and was rolled-out in January 2017 and mandatory for all transactions from September 2017.

ConclusionsThe major problem with the Bitcoin network, is that the amount of a transaction and the sender and receive of the funds are not private, and someone who knows someone’s address can trace their transactions. This is the case because the blockchain needs to check that the sender has enough funds to pay the recipient. Thus many cryptocurrencies are looking for ways of anonymising the transaction.

...