Linkable ring signature scheme with stronger security guarantees

Ring signatures enable a user to sign messages on behalf of an arbitrary set of users, called the ring. The signer-anonymity property guarantees that the signature does not reveal which member of the ring signed the message. The notion of linkable ring signatures (LRS) is an extension of the concept of ring signatures such that there is a public way of determining whether two signatures have been produced by the same signer. However, the existing LRS schemes may not be competent in some scenarios since they exhibit a gap to bridge as reflected on the security guarantees such as the absence of quantum-resistance, inadequate security notions, and a reliance on the random oracle heuristic . In this paper, we present a framework for LRS that provides stronger security guarantees. We instantiate the framework from standard lattice assumptions and prove the security in the standard model. Furthermore, we implement our scheme and conduct experimental evaluations, which demonstrate that the performances are practical for typical settings.