Signing as one member of a set of keys

Anonymous remailer at remailer.xganon.com
Sat Aug 17 12:26:47 PDT 2002


Steps to verify the "ring signature" file (note: you must have the openssl
library installed):


1. Save http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00221.html,
as text, to the file ringsig.c.  Delete the paragraph of explanation, and/or any
HTML junk, so the file starts with:

/* Implementation of ring signatures from
 * http://theory.lcs.mit.edu/~rivest/RivestShamirTauman-HowToLeakASecret.pdf
 * by Rivest, Shamir and Tauman

and it ends with:

lPglqmmy3p4D+psNU1rlNv6yH/L0PgcuW7taVpbopjl4HLuJdWcKHJlXish3D/jb
eoQ856fYFZ/omGiO9x1D0BsnGFLZVWob4OIZRzO/Pc49VIhFy5NsV2zuozStId89
[...]
 */


2. The "[...]" above is where a remailer caused some of the signature
to be stripped out.  Replace the last few lines of ringsig.c with the
text from
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00306.html.
This has the lines from the END PGP PUBLIC KEY BLOCK line onward.
The last lines of the ringsig.c file should be:

BjHTDH0VZeu3IxUFh37w2fIEehL8WrXvCoCMFnd1/bnn/qI/STXgg6as579/yBIJ
nJra7Ceru4q4wUssK79T6SdOM6wcvVg96ub4UOTaPO4wYhhadCbLFpl3tPfTLceb
 */


3. Compile ringsig.c using the openssl library, to form an executable file
"ringsig".  Try running ringsig and you will get a usage message.


4. Get the two perl scripts from
http://www.inet-one.com/cypherpunks/dir.2002.08.05-2002.08.11/msg00313.html
and save them as "ringver" and "ringsign".


5. Run the ringsig.c file through the "pgp" program to create a PGP key
ring file from the PGP PUBLIC KEY BLOCK data.  With the command line
version of PGP 2.6.2 the command is:

pgp -ka ringsig.c sigring.pgp

This will also show you the set of keys, one of which made the signature.

*** COULD SOMEONE PLEASE FOLLOW THE STEPS ABOVE AND PUT THE ringsig.c,
ringsign, ringver, AND sigring.pgp FILES ON A WEB PAGE SO THAT PEOPLE
CAN DOWNLOAD THEM WITHOUT HAVING TO GO THROUGH ALL THESE STEPS? ***


6. Finally, the verification step: run the ringver perl script, giving the
PGP key file created in step 5 as an argument, and giving it the ringsig.c
file as standard input:

./ringver sigring.pgp < ringsig.c

This should print the message "Good signature".


7. How do you know what this means?  For that you have to read the paper
referenced in the program to become convinced of the theory, and then to
study the program to be convinced that it implements the algorithm in the
paper.


8. To create your own signatures, create a PGP keyring file which holds
your own key as well as the keys of other people that you want people to
think might have issued the signature.  They must all be RSA public keys.
Create a PGP secring.pgp file which holds just your secret key, and change
your passphrase on that key to be blank.  (This is temporary, you can
change it back or delete the secring.pgp when you are done.)  Then use
the ringsign perl script:

"./ringsign filetosign pubkeyfile privkeyfile > outfile"

This will append a signature to the file you are signing.  You also need
to make sure the recipient knows the pubkeyfile, so you may want to send
that separately, or include it in the file being signed as was done in
this case.


9.  Please report whether you were able to succeed, and if not, which step
failed for you.  BTW there are a couple of papers on ring signatures to
be presented at Crypto 02 so there might be some new improvements coming
to the code if the ideas look good.  One possibility is extending them
to work with DSS keys in addition to the current RSA keys.
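
The ring equation from the Rivest-Shamir-Tauman paper, which steps 6 to 8 depend on, as an added Python example; it is not part of the original post and is not the code in ringsig.c. Assumptions: the toy RSA keys are constructed from Mersenne primes and are insecure, a SHA-256 Feistel network stands in for the paper's symmetric cipher, and all function and variable names are hypothetical.

```python
import hashlib, secrets
B, E_PUB, HALF = 256, 65537, (1 << 128) - 1   # domain bits, RSA exponent, half-block mask

def toy_key(a, b):
    """Constructed toy RSA key (n, d) from Mersenne primes 2^a-1 and 2^b-1. Not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E_PUB, -1, (p - 1) * (q - 1))

def g(x, n, exp):
    """RSA extended to a permutation of all B-bit values, so moduli of any size can mix."""
    q, r = divmod(x, n)
    return q * n + pow(r, exp, n) if (q + 1) * n <= 1 << B else x

# Keyed permutation E_k and its inverse D_k: 4-round Feistel over SHA-256 (assumed stand-in).
def F(k, i, h):
    return int.from_bytes(hashlib.sha256(k + bytes([i]) + h.to_bytes(16, "big")).digest()[:16], "big")
def E(k, x):
    l, r = x >> 128, x & HALF
    for i in range(4):
        l, r = r, l ^ F(k, i, r)
    return l << 128 | r
def D(k, x):
    l, r = x >> 128, x & HALF
    for i in reversed(range(4)):
        l, r = r ^ F(k, i, l), l
    return l << 128 | r

def verify(msg, ring, v, xs):
    """Ring equation: chaining E_k over y_i = g_i(x_i), starting at glue v, must return to v."""
    k, z = hashlib.sha256(msg).digest(), v
    for x, n in zip(xs, ring):
        z = E(k, z ^ g(x, n, E_PUB))
    return z == v

def sign(msg, ring, s, d):
    """Sign as ring member s, holding only the private exponent d for ring[s]."""
    k = hashlib.sha256(msg).digest()
    v = fwd = back = secrets.randbits(B)
    xs = [secrets.randbits(B) for _ in ring]
    ys = [g(x, n, E_PUB) for x, n in zip(xs, ring)]
    for i in range(s):                        # walk forward from v up to the signer's slot
        fwd = E(k, fwd ^ ys[i])
    for i in range(len(ring) - 1, s, -1):     # walk backward from v to just past that slot
        back = D(k, back) ^ ys[i]
    xs[s] = g(D(k, back) ^ fwd, ring[s], d)   # the trapdoor solves for the missing y_s
    return v, xs

KEYS = [toy_key(61, 127), toy_key(89, 107), toy_key(89, 127)]   # constructed sample keys
RING = [n for n, _ in KEYS]                                     # public moduli only
```

verify(msg, RING, *sign(msg, RING, 1, KEYS[1][1])) returns True, and the same holds for any member index paired with that member's private exponent.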




