Traceable ring signatures: general framework and post-quantum security

Traceable ring signature (TRS), a variant of ring signature, allows a signer to sign a message anonymously labeled with a tag on behalf of a group of users, but may reveal the signer’s identity if he creates two signatures with the same tag. TRS provides accountable anonymity for users, and serves as an important role in e-voting systems and e-coupon services. However, current TRS schemes are built on hard problems in number theory that cannot resist quantum attackers. To address this issue, first, we propose a general framework of TRS, by using a non-interactive zero-knowledge proof of knowledge, a hash family, and a pseudorandom function with some additional properties. Then, by instantiating our framework, we give two concrete efficient TRS schemes from lattices and symmetric-key primitives respectively, and both of them are proven to be secure in the quantum random oracle model. Moreover, both schemes have logarithmic signature size.