A Non-interactive Range Proof with Constant Communication
نویسندگان
چکیده
In a range proof, the prover convinces the verifier in zeroknowledge that he has encrypted or committed to a value a ∈ [0, H ] where H is a public constant. Most of the previous non-interactive range proofs have been proven secure in the random oracle model. We show that one of the few previous non-interactive range proofs in the common reference string (CRS) model, proposed by Yuen et al. in COCOON 2009, is insecure. We then construct a secure non-interactive range proof that works in the CRS model. The new range proof can have (by different instantiations of the parameters) either very short communication (14 080 bits) and verifier’s computation (81 pairings), short combined CRS length and communication (log H group elements), or very efficient prover’s computation (Θ(logH) exponentiations).
منابع مشابه
Efficient Modular NIZK Arguments from Shift and Product
We propose a non-interactive product argument, that is more efficient than the one by Groth and Lipmaa, and a novel shift argument. We then use them to design several novel non-interactive zero-knowledge (NIZK) arguments. We obtain the first range proof with constant communication and subquadratic prover’s computation. We construct NIZK arguments for NPcomplete languages, Set-Partition, Subset-...
متن کاملInteractive PCP
An interactive-PCP (say, for the membership x ∈ L) is a proof that can be verified by reading only one of its bits, with the help of a very short interactive-proof. We show that for membership in some languages L, there are interactive-PCPs that are significantly shorter than the known (non-interactive) PCPs for these languages. Our main result is that the satisfiability of a constant depth Boo...
متن کاملBulletproofs: Efficient Range Proofs for Confidential Transactions
We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs are especially well suited for efficient range proofs on committed values: they enable proving that a committed value is in a range using only 2 log2pnq ` 9 group and field elements, where n is the b...
متن کاملNew Non-Interactive Zero-Knowledge Subset Sum, Decision Knapsack And Range Arguments
We propose several new efficient non-interactive zero knowledge (NIZK) arguments in the common reference string model. The final arguments are based on two building blocks, a more efficient version of Lipmaa’s Hadamard product argument from TCC 2012, and a novel shift argument. Based on these two arguments, we speed up the recent range argument by Chaabouni, Lipmaa and Zhang (FC 2012). We also ...
متن کاملBulletproofs: Short Proofs for Confidential Transactions and More
We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs are especially well suited for efficient range proofs on committed values: they enable proving that a committed value is in a range using only 2 log2pnq ` 9 group and field elements, where n is the b...
متن کامل