Efficient Non-Interactive Zero Knowledge Arguments for Set Operations

We propose a non-interactive zero knowledge pairwise multiset sum equality test (PMSET) argument in the common reference string (CRS) model that allows a prover to show that the given committed multisets Aj for j ∈ {1, 2, 3, 4} satisfy A1 ] A2 = A3 ] A4, i.e., every element is contained in A1 and A2 exactly as many times as in A3 and A4. As a corollary to the PMSET argument, we present arguments that enable to efficiently verify the correctness of various (multi)set operations, for example, that one committed set is the intersection or union of two other committed sets. The new arguments have constant communication and verification complexity (in group elements and group operations, respectively), whereas the CRS length and the prover’s computational complexity are both proportional to the cardinality of the (multi)sets. We show that one can shorten the CRS length at the cost of a small increase of the communication and the verifier’s computation.