A ring signature scheme allows a signer to sign a message anonymously, while the deniable ring signature scheme, introduced by Komano et al., guarantees that the signer should be involved in opening the signer anonymity. Gao et al. proposed the first lattice-based deniable ring signature scheme and claimed that their scheme satisfies the following security requirements: anonymity, traceability and non-frameability. In this work, we demonstrate that their scheme does not satisfy the latter two requirements. Specifically, we show that: (1) A malicious signer can produce a valid ring signature that violates traceability; (2) a malicious signer can also generate a valid ring signature that breaks non-frameability. Our attacks are simple and efficient, with successful probability close to 1. Then, we give a simple countermeasure to thwart the attack in (2). To prevent our attack in (1) is non-trivial, but we point out that a deniable ring signature scheme without the traceability property can still find applications in some specific situations.

环形签名方案允许签名者匿名签名消息，而由Komano等人提出的可拒绝的环形签名方案保证签名者应参与开放签名者匿名性。高等。提出了第一个基于格的可定义环签名方案，并声称它们的方案满足以下安全要求：匿名性，可追溯性和不可框架性。在这项工作中，我们证明了他们的方案不能满足后两个要求。具体来说，我们表明：（1）恶意签名者可以产生违反可追溯性的有效环形签名；（2）恶意签名者还可能生成有效的环形签名，从而破坏了不可框架性。我们的攻击简单有效，成功几率接近1。然后，我们提供了一个简单的对策来阻止（2）中的攻击。为防止我们在（1）中的攻击是不平凡的，但我们指出，没有可追溯性的可拒绝的环签名方案仍可以在某些特定情况下找到应用程序。