Score:1

Current status of ring signatures/proof of set membership

mx flag

I understand the original O(n) implementation of a ring signature, but I'm trying to figure out where the state of the art is on signing a message as an anonymous member of an ad hoc group without revealing which member of the group signed it. It seems there are sublinear implementations, but I don't have a good grasp of their tradeoffs, and some have been shown to be insecure years later. For example, I've found: http://diyhpl.us/~bryan/papers2/bitcoin/Practical%20constant-size%20ring%20signature.pdf, which seems to require a trusted third party to accumulate public keys, but a follow up a couple years later seems to have shown it to be forgeable. I'm also aware of papers on "zero knowledge proof of set membership", which sounds similar, but I'm not sure is the same as a ring signature.

I would greatly appreciate an overview of current implementations.

Score:1
gd flag

Regarding crypto working now (or soon) I guess three candidates for that state of the art are Lelantus Spark from Firo (formerly Zcoin), Triptych and Seraphis (from Monero entourage): Triptych was the earlier, but it seemed to have problems with multisig so the other two have been developed:

Sorry, I haven't had time yet to go deeper about them, but here it is some entry points:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.