This paper introduces the concept of *ring signatures*, which allow a signer to produce a signature without revealing their identity. Unlike group signatures, ring signatures do not require a group manager, setup procedures, revocation procedures, or coordination among members. Any user can choose a set of possible signers, including themselves, and sign a message using their secret key and the public keys of the other members. The main contribution is a new construction of ring signatures that is unconditionally signer-ambiguous, provably secure in the random oracle model, and efficient, with each additional ring member increasing the cost by a single modular multiplication and a single symmetric encryption. The paper also discusses the application of ring signatures in leaking secrets anonymously, such as a cabinet member sending a confidential message to a journalist without revealing their identity. Additionally, it explores the use of ring signatures in designated verifier signature schemes, where signatures can only be verified by a designated verifier chosen by the signer, useful for authenticating casual emails without legal implications. The proposed ring signature scheme is based on RSA or Rabin trapdoor permutations and symmetric encryption. It ensures that the signer's identity is unconditionally protected and provides computational anonymity. The scheme is efficient, with signing and verification requiring only a few modular operations and symmetric encryption. The paper also discusses the security of the scheme, showing that it is secure in the random oracle model and provides a reduction from forging ring signatures to inverting trapdoor one-way functions.This paper introduces the concept of *ring signatures*, which allow a signer to produce a signature without revealing their identity. Unlike group signatures, ring signatures do not require a group manager, setup procedures, revocation procedures, or coordination among members. Any user can choose a set of possible signers, including themselves, and sign a message using their secret key and the public keys of the other members. The main contribution is a new construction of ring signatures that is unconditionally signer-ambiguous, provably secure in the random oracle model, and efficient, with each additional ring member increasing the cost by a single modular multiplication and a single symmetric encryption. The paper also discusses the application of ring signatures in leaking secrets anonymously, such as a cabinet member sending a confidential message to a journalist without revealing their identity. Additionally, it explores the use of ring signatures in designated verifier signature schemes, where signatures can only be verified by a designated verifier chosen by the signer, useful for authenticating casual emails without legal implications. The proposed ring signature scheme is based on RSA or Rabin trapdoor permutations and symmetric encryption. It ensures that the signer's identity is unconditionally protected and provides computational anonymity. The scheme is efficient, with signing and verification requiring only a few modular operations and symmetric encryption. The paper also discusses the security of the scheme, showing that it is secure in the random oracle model and provides a reduction from forging ring signatures to inverting trapdoor one-way functions.