A ring signature enables an individual of a group to sign a message on behalf of the group without revealing the identity of the real signer. It is useful in the application of leaking authoritative secrets in an anonymous way. In this paper, we define a new type of ring signature called "Universal Ring Signature" (US(1,n)). In our scheme, a ring is not generated by a signer but by a signature holder. A signer just sign a message by a "standard" digital signature and when necessary, a signature holder can modify the standard digital signature into a ring signature by spontaneously conscript arbitrarily n - 1 entities and/or n - 1 messages at most. In addition, the signature holder generating the US(1,n) is not required to have any public/private key-pair. With this modification to the original ring signature, we allow any signature holder (ie., user of the signature) to protect personal privacy including signer anonymity and message ambiguity from the perspective of himself (instead of a signer). This kind of new protocol is useful when a signature is actually a certificate signed by a certificate issuer. We will show how to use this scheme to protect the identity of a certificate issuer and protect some sensitive information on a certificate. We will also show the relationship of our scheme with the standard ring signature and the relationship of our scheme with the universal designated verifier signature. Our scheme can actually be regarded as a generic construction of these two schemes. The security concerning to the unforgeability and privacy are also defined and proved in the random oracle model.

• 出版日期2013-5