A ring signature is a type of digital signature that makes it possible to determine a set of possible signers of a transaction without revealing which member(s) produced the signature. In a ring signature scheme, the ring is the set of all possible signers, the signer is the member who produces the real signature, and the non-signers are the decoys within the ring who do not produce the validating signature.
The digital signature consists of the actual signer combined with the non-signers, forming a “ring” in the process where all members are equal and valid. The actual signer has a one-time destination key that corresponds to the output address from the sender’s wallet, allowing it to verify the transaction. In this format, it is impossible for a third party to determine the actual sender out of the group of potential senders.
The size of a signature ring can vary, and this leads to a tradeoff between privacy and process efficiency. If the ring size is too small, the probability of the actual signer being discovered increases and the privacy will not be satisfactory against heuristic attacks. However, if the ring size is too large, there is only a marginal benefit for privacy and the time and verification costs of each transaction increase with each additional decoy.
To read the article that inspired the use of ring signatures in privacy coins, click here.