A ring signature lets one member of a group sign a transaction while cryptographically blending their real signing key with the public keys of every other member, so a verifier can confirm the signature came from someone in that group but has no mathematical way to isolate who. No group member needs to consent or coordinate: the signer simply gathers public keys already visible on the network and combines them with their own private key to generate the signature.
The concept predates blockchain. Cryptographers Ron Rivest, Adi Shamir, and Yael Tauman introduced ring signatures in 2001 in a paper titled "How to Leak a Secret," originally proposing them as a way for an insider to leak information anonymously while still proving legitimate access. Their use for transaction privacy came later, most notably through the CryptoNote protocol.
In Monero, a privacy coin built on CryptoNote, every transaction input is signed with a scheme called MLSAG (Multilayered Linkable Spontaneous Anonymous Group signatures). The real output being spent is mixed with 15 decoy outputs pulled from past blockchain activity, forming a ring of 16 possible signers. A cryptographic "key image" tied to the real key stops the same output from ever being spent twice, without revealing which ring member produced the signature. Paired with stealth addresses and RingCT, which hides the transferred amount using bulletproofs, ring signatures let Monero obscure sender, receiver, and value at once.
The main tradeoff is size: each decoy adds data to a transaction, and statistical analysis has occasionally narrowed anonymity in edge cases. This is pushing Monero developers toward a successor system, FCMP++, a zero-knowledge proof approach that would expand the anonymity set from a fixed ring of 16 to the entire pool of unspent outputs on the chain.