How can you safely share information in the digital world without giving yourself away?
Situations
For example, a contributor to an open source project wants to talk about plans but remain anonymous.
Or another example: some technology company is involved in shady dealings and some honest employee wants to stop it. He doesn’t know how many like-minded people are like him, but at the same time he knows for sure that if these dark deeds are confirmed by only one or two people, they will quickly be fired and nothing will change. He writes a message on an anonymous forum and receives support from other users who claim that they are supposedly his colleagues, but this cannot be trusted because it could just be a troll.
Or simply some topic is prohibited for discussion that you really want to discuss.
How can this be? Use ring signatures!
Ring signature
A ring signature, unlike a regular signature, uses many public keys. A set of such public keys is called a ring, and to create a valid signature it is enough to know only one private key from this ring. Thus, the author of the signature is hidden among other possible authors.
If you take your public key (to which the private key is known) and the public keys of other people, you can make a signature from which it will be unclear who exactly signed it, but it will be known for sure that it was someone from the ring. Both anonymity and authenticity are maintained.
Signature example
First, let's create a key pair. In this example I will use the OpenSSH format for ED25519 keys
ssh-keygen -t ed25519 -N "" -f demoWe get two files: demo And demo.pub. Contents of the public key file:
> cat demo.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm1mCqNBuabE7TJtUUVvQUYQEa3TFuOShS9ytPahlx3 vasilii@carbonand with private (this is a demo, so you can safely post it)
> cat demo
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDJtZgqjQbmmxO0ybVFFb0FGEBGt0xbjkoUvcrT2oZcdwAAAJjU2/q/1Nv6
vwAAAAtzc2gtZWQyNTUxOQAAACDJtZgqjQbmmxO0ybVFFb0FGEBGt0xbjkoUvcrT2oZcdw
AAAEBtElLYWTIfj186r9w8EhF748GQuEVWtDs6jikaUcEK+cm1mCqNBuabE7TJtUUVvQUY
QEa3TFuOShS9ytPahlx3AAAADnZhc2lsaWlAY2FyYm9uAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----
Now let’s take public keys among which we will hide. I took a couple of React contributors (https://github.com/facebook/react/graphs/contributors) and their public keys from Github https://api.github.com/users/zpao/ssh_signing_keys And https://api.github.com/users/acdlite/ssh_signing_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7DuT1T4hHljylm/bTFKg8cGvfafQyI6O+aB1cHM7Yp
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIELtSHIyptiTWlcjVK5HxH+L+AvmcLM3wFNOi7Yqg7UWLet's add my public key to them, for example, in the last place, removing the part with the name (it works as a comment):
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7DuT1T4hHljylm/bTFKg8cGvfafQyI6O+aB1cHM7Yp
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIELtSHIyptiTWlcjVK5HxH+L+AvmcLM3wFNOi7Yqg7UW
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm1mCqNBuabE7TJtUUVvQUYQEa3TFuOShS9ytPahlx3You can create and verify a ring signature on the website https://cryptopoll.org/sign so we go there, import our private key (everything happens on the front end, the key does not go anywhere over the network), write a message in the left field, and a list of public keys in the right field:
We receive a signed message:
{"m":"Hello Habr, this is my secret message!",
"mh":"2d84e3b802b62840ff08025d06f3fe03e0c1d67314b2af473c92108318b44452",
"pkh":"b7822daca942eafac5e614063f5377ea3e2980baadfd57d02092aac799711a9f",
"sig":{"II":"650bf8d4a6fa616a2e68b11bf0d23735668328aa850f50a14c46017c882d32de",
"cc":"6180a0d3d2dcf5dde4892d7e4ba62e22a8217f8691d468471f6aee57aa2ded0e",
"ss":["2eb3080ebab3bd418c81fd220df62b2ab2f2dc4c8848f2f5c98290be66b46e0a",
"7d5b5e5218b4601ab0316869a51077dfe3f62e19956aaccfee39e26d011b5502",
"093fa9e5c809120f71b95f92c3eecee42e4be5499470c238a5f8942966b8bc03"
]}}Now you can send it to someone along with a list of public keys:
Всем привет, вот сообщение подписанное кем-то из нас:
{"m":"Hello Habr, this is my secret message!","mh":"2d84e3b802b62840ff08025d06f3fe03e0c1d67314b2af473c92108318b44452","pkh":"b7822daca942eafac5e614063f5377ea3e2980baadfd57d02092aac799711a9f","sig":{"II":"650bf8d4a6fa616a2e68b11bf0d23735668328aa850f50a14c46017c882d32de","cc":"6180a0d3d2dcf5dde4892d7e4ba62e22a8217f8691d468471f6aee57aa2ded0e","ss":["2eb3080ebab3bd418c81fd220df62b2ab2f2dc4c8848f2f5c98290be66b46e0a","7d5b5e5218b4601ab0316869a51077dfe3f62e19956aaccfee39e26d011b5502","093fa9e5c809120f71b95f92c3eecee42e4be5499470c238a5f8942966b8bc03"]}}
Публичные ключи были использованны вот эти, то, что они принадлежат нам можно проверить на гитхабе
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7DuT1T4hHljylm/bTFKg8cGvfafQyI6O+aB1cHM7Yp
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIELtSHIyptiTWlcjVK5HxH+L+AvmcLM3wFNOi7Yqg7UW
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm1mCqNBuabE7TJtUUVvQUYQEa3TFuOShS9ytPahlx3Any recipient can check that the keys really are on Github and that the signature is correct by visiting https://cryptopoll.org/verify
What kind of site is this anyway?
Ring signatures were invented quite a long time ago, more than 20 years ago. In the real world, these signatures are used in the Monero cryptocurrency, which provides complete anonymity. Because Because cryptocurrency costs real money and so does its anonymity, such crypto code is subject to particularly high security requirements. There is still no known method to hack or de-anonymize ring signatures and implement them in Monero. The site above is simply a copy-paste of code from cryptocurrency into WebAssembly, one-to-one as in cryptocurrency transactions.
Same message author or different?
How to understand that messages are from different authors or from the same one? For this purpose, the ring signature contains a key image, which is something like a hash of the private key. If the same private key was used to create the signature, then the key image will be the same, even if a different ring is used.
For example, here's another message (using the same public key ring):
{"m":"Hi, this is my second message!",
"mh":"297c352910c386aac52c171beef2099a58432f6307cc7cf67709b48498168af8",
"pkh":"b7822daca942eafac5e614063f5377ea3e2980baadfd57d02092aac799711a9f",
"sig":{"II":"650bf8d4a6fa616a2e68b11bf0d23735668328aa850f50a14c46017c882d32de",
"cc":"190394d0406ec4b2ef04b38f8a86f93a0682cbdd39f3caa4d7e881c723a6fd07",
"ss":["20054842302128c11edc6ec9d806791017c3bbd1f45733ac6a28bb04184bf20d",
"a727e3cb30cdf8e360921ae6f5eca512e7148181322e24f1625aa0c239ac1409",
"70318a843f7e9a052e0f4bff9ccdf69d47558046a0b89d979e8dff1db900110f"
]}}When checking the signature we see that the key image 650bf8d4a6fa616a2e68b11bf0d23735668328aa850f50a14c46017c882d32de exactly the same as before, so we understand that these messages have the same author:
Accordingly, when the key image is different, we can be sure that the authors are different.
In Monero, this key image is used to prevent double spending.
Other possible uses of ring signature
In addition to the examples given at the very beginning, this cryptographic approach can be used to organize elections or collect feedback. Anonymity is ensured by the ring, and the presence of a key image provides protection against double voting.
The difficulty may be the initial phase of collecting public keys, but since… developers quite often add their public keys to GitHub, then you can use this platform as a registry of public keys.
Right now I can already take the keys of my colleagues from Github, take my Github key, make a message for example, “My boss is good,” and distribute this message on forums or sites like glassdoor. In this case, accusations of cheating will be unfounded because this is really a message from some employee. Also, if the review is negative, then the company will no longer be able to get away with the machinations of competitors!
Total
Ring signatures are a powerful cryptographic tool that has not yet been used to its full potential in everyday life, but has proven security over many years of use in the Monero cryptocurrency.
