Abstract
Anonymity in anonymous signatures means that, given an anonymous signature, an unauthorized entity cannot discover the signer's identity. We take the decentralized identity (DID) system as an example application of anonymous signatures. In a DID system, a DID identifies an entity, and a verifiable credential (VC) proves that the DID holder has the associated attributes. A verifiable presentation (VP) is used to prove ownership of VCs. The World Wide Web Consortium (W3C) working group has been developing standards for DIDs and VCs. In these standards, it recommends using randomizable signatures with zero-knowledge proofs to achieve anonymous VPs. However, anonymous VPs supported by the recommended mechanisms are limited in that anonymous VPs of VCs cannot be used directly in cross-domain settings, because different issuers are supposed to operate independently and therefore cannot trust each other. To overcome this limitation, we propose two solutions. The first makes use of ring signatures, in which users holding different credentials issued by different issuers can hide their identity and attributes within a ring of users. The second introduces a notary that notarizes all credentials using randomizable signatures, which ensures that notarized credentials can be proved anonymously.
As quantum computers pose great threats to traditional cryptographic primitives, the design of signatures is undergoing a transition to post-quantum security. Among the various post-quantum signatures, we focus on hash-based signatures and present one signature scheme and three anonymous signature schemes. Firstly, with the assistance of a blockchain, we design a hash-based one-time signature scheme; in this setting, our scheme is simpler than previous hash-based one-time signatures. Secondly, to make the SPHINCS+ construction zero-knowledge-proof friendly, we modify the Forest of Random Subsets (FORS) tree into a tree structure called the M-FORS tree and construct an F-SPHINCS+ hypertree from M-FORS trees, which is zero-knowledge-proof friendly. We then use the F-SPHINCS+ hypertree to generate group membership credentials. Further, using the F-SPHINCS+ hypertree as a common building block, we design a new hash-based group signature scheme, a new direct anonymous attestation (DAA) scheme and a new enhanced privacy ID (EPID) scheme. Each of these three hash-based anonymous signature schemes can contain up to $2^{60}$ users, which is larger than the number of users that any previous post-quantum anonymous signature scheme can contain.