This article will explain what a ‘ring signature’ is and what goes into creating one.

**What is it?**

Ring signatures are digital signatures that a member of a group possessing their own keys can create and perform. A message with a ring signature receives an endorsement from someone in a specific group of people.

The people responsible for this concept are Ron Rivest, Adi Shamir, and Yael Tauman. Its launch was in 2001 and its initial introduction was at ASIACRYPT, an important international conference. The concept’s name derives from the ring-like structure of the signature algorithm.

With its technical design, it isn’t possible to properly determine the person in the group behind the signature’s creation. One of its security properties is that it has to be computationally impossible to determine the member (and their keys) behind the key’s production.

Ring signatures share some similarities with group signatures. This is a method for allowing a group member to anonymously sign a message on behalf of the group. An employee of a large company can use this scheme. Specifically, they can use it where it’s adequate for a verifier to acknowledge that a message has an employee’s signature. The same cannot be said regarding which particular employee was the one to sign it.

Regardless of the similarities, ring signatures differ from group signatures in two essential ways:

- There is no discernable way to revoke the anonymity of an individual signature
- Any group of users can be employed as a group without extra setup

**Creation**

Creating a ring begins with defining a group of entities. In a signature, these entities each have their own public/private key pairs of (P1, S1), (P1, S2), …, (Pn, Sn). Assuming we want an entity* i *to sign a message, they will have to use their own secret key (si). Conversely, the public keys belonging to the others in the group (m, si, P1…Pn).

With this, it should be possible to confirm the validity of the group by knowing of its public key. However, it’s not possible to determine a valid signature. This is especially true if there’s no knowledge of the private keys within the group.

**Example**

To better explain this, let’s imagine we have a group of four people. Each one of these group members possesses their own public and secret keys. One of these individuals wants to sign a message from the group. Originally, this person generates a random value v, and then random values (xi) for each of the other participants. The person takes their own secret key (si) and uses it to dictate a different secret key. In addition, determine which is the reverse of the encryption function.

This person now takes the message and obtains a hash of it. For context, a hash is a function that converts an input of numbers and letters into an encrypted output. It is an essential component in blockchain management in cryptocurrency. By taking a hash of the message, this person creates a key (k).

This key will be a tool for symmetric encryption to encrypt each of the elements of the ring (Ek). Then, each element of the ring utilizes an EX-OR function from the previous element.

Each of the participants’ random values undergoes encryption with the public key of the given participant. This person computes the value of ys to construct the ring (the result of the ring has to equal v). Then, they will inverse this value in order to produce the equivalent private key (xs). They now release the overall signature, as well as the random x values. Along with this is the secret key that’s gone through computation.

In order to check the signature, the receiver simply calculates the ring. Furthermore, they check that the result matches the sent signature.

**The basic method**

The following is a breakdown of the basic method of creating a ring:

- Generate encryption using k = Hash(message)
- Generate a random value (u)
- Encrypt u in order to give v = Ek(u)
- For each participant (apart from the sender):

4.1) Calculate e=si^{Pi} (mod Ni) and where si is the random number generated for the secret key of the ith party, and Pi is the public key of the party.

4.2) Calculate v=v⊕e - For the signed party (z), calculate sz = (v⊕u)^d (mod Nz) and where d is the signing party’s secret key

We will eventually end up with the signature (v = Ek[u]), and this finally completes the ring.

**Monero**

As popular and renowned as the Bitcoin network is, it has a handful of shortcomings. One of them is that both the number of transactions and the sender and receiver of the funds aren’t private. Moreover, someone who knows another person’s address is able to trace their transactions. This is due to the blockchain needing to check that the sender has enough funds to pay the recipient.

Because of this, numerous cryptocurrencies are seeking new ways of adding anonymity the transactions. For instance, Ethereum uses zk-Snarks as a means to conceal identities.

One particular method of identity preservation came from Rivet el al and employs RSA encryption. Unfortunately, its efficiency doesn’t meet the standards of the more modern systems. Thus, Greg Maxwell set an elliptic curve method as a new way to create the ring signature. This is the Borromean ring signature.

Monero is a cryptocurrency that took up the method for anonymizing transactions. However, they have since moved to a new technique: Multi-layered Linkable Spontaneous Anonymous Group signatures. This method effectively conceals the transaction amount and the payer and recipient’s identities. Nowadays, the name it goes by is RingCT (Ring Confidential Transactions).

**Conclusion**

With ring signatures providing a reliable system regarding anonymity, it would come as no surprise if they garner more prominence in the future.