Ring signatures explained in simple terms

Hi it’s Keir Finlow-Bates here, and I did
say yesterday that I was going to try to explain
ring signatures, so here is an analogy using
no computer science terms or mathematical
terms that hopefully will give you an idea
of what is going on.
So in this analogy we have people, who are
the equivalent of public keys, and we have
some blackmail information on one of those
people, and that’s the equivalent of a private
So you have ten people, say, and nine of these
people you have no control over whatsoever,
but the tenth person – you have that specific
leverage that means that they will do what
you say and what you are trying to do is you
are trying to prove to another party that
you do have this information on one of those
people, without revealing which person it
actually is.
That then gives you the anonymity property.
So what you do is: you get the ten people
to play a game of “I went to market”, and
it’s a particular game of “I went to market”
where each person is going to name two items
of fruit, and they take … one item of fruit
is passed on from the previous player, and
the other one they swap out the previous player’s
second item of fruit and they name a new one.
So, imagine that the tenth person is the one
that you have the blackmail information on.
The first person starts off and they will
just arbitrarily pick two items of fruit.
Now remember these, because it’s important
at the end.
So the first person says: “I went to market
and I bought an apple and a pear.”
Then the second person starts playing the
game and they say, “I went to market and I
bought an apple” and they swap out the pear
and they say, “and a banana.”
So they said “I bought an apple and a banana.”
And then the third person says, “I went to
market and I bought a banana and a pineapple.”
And so on.
All the way down to person number eight, and
by that time the fruits have all changed,
so person number eight may be saying “I went
to market and I bought a mango and a papaya.”
Now, person number nine might then say “I
bought a papaya and a peach”, and then we’re
on to the tenth person, the one that you actually
have control over, and you tell him that,
“I want you to swap out papaya for apple.”
And he’ll do that because you’ve got that
blackmail information on him.
So the tenth person says, “I went to market
and I bought an apple and a peach.”
And that then makes the circle, because now
you can link that back to the first one who,
remember, said “apple” and “pear”.
So “apple and peach” can turn into “apple
and pear” – it links together.
And when you look at the chain of fruits,
each person has named one fruit that the previous
person mentioned, and a new one, and a person
on the outside looking at that circle of fruits
that have been named can’t tell where it started
and where it finished.
However, they also know that you have to have
been able to tell one person to pick exactly
the right fruit in order to make the loop
So when they look at the whole set of ten
people, and … you have to make sure you
don’t present them in the order of 1 to 10,
you want to kind of rotate it round so that
people don’t know where you started, but when
you look at that circle of people and the
fruits that they’ve named, they all link together
back into a circle and the only way that could
happen (and remember we have millions of fruits
to choose from in the cryptography world,
not just the 200 or so that there are out
there in the real world.
I don’t know, maybe there are 2000 different
types of fruit in the real world), anyway,
the odds of a tenth person picking the correct
fruit to link them back to the first one are
so miniscule that in practice it can’t happen.
And therefore anybody looking in from the
outside knows that there must have been at
least one person that you were able to control
but they can’t tell which one it is.
Because the loop is totally symmetric, there’s
no … nothing in that loop that says “this
one is different from all the others” for
an outside observer.
And that is basically how ring signatures
So you may need to go back over this again,
because it is understandable but maybe not
In any case, I hope that helped explain the
concept, they are used in for example, Monero
in order to allow transactions to remain effectively
When a transaction has occurred, you have
a big group – might not just be 10, it might
be a hundred, and that means you have a 1%
chance of randomly picking the correct key
or in this case with the example the correct
person who was actually under control of the
person initiating the transaction.
I think it’s very neat, kind of fun, and it’s
interesting that there is actually a real
use for it.
I’ll see you in the next video soon.
Bye for now!

Add a Comment

Your email address will not be published. Required fields are marked *