Collusion-resistant convertible ring signature schemes
A ring signature scheme provides signer ambiguity by hiding a signer in a ring of arbitrary members appropriately. A convertible ring signature scheme is an extension of a ring signature scheme that authenticates a signer and proves that a real signer and no one else generated a ring signature. In this paper, we first show that the recent convertible ring signature scheme proposed by Jeong et al.  is vulnerable to collusion attacks. Second, we present a formal security model for a convertible ring signature with collusion resistance. The security notion of a convertible ring signature is intrinsically different from that of an ordinary ring signature due to the conversion property. For our collusion resistance, we consider full key exposure, that is, even an adversary who knows all secret keys will not be able to break the collusion resistance. Finally, we construct a novel convertible ring signature scheme with collusion resistance and prove the security of the scheme in the presented security model. We also compare our scheme with the existing ring signature schemes in the literature to show its advantages.