Efficient Proofs that a Committed Number Lies in an Interval

  • Fabrice Boudot
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1807)


Alice wants to prove that she is young enough to borrow money from her bank, without revealing her age. She therefore needs a tool for proving that a committed number lies in a specific interval. Up to now, such tools were either inefficient (too many bits to compute and to transmit) or inexact (i.e. proved membership to a much larger interval). This paper presents a new proof, which is both efficient and exact. Here, “efficient” means that there are less than 20 exponentiations to perform and less than 2 Kbytes to transmit. The potential areas of application of this proof are numerous (electronic cash, group signatures, publicly verifiable secret encryption, etc ...).


Expansion Rate Discrete Logarithm Security Parameter Secret Sharing Scheme Large Order 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bao, F.: An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms. Proceedings of CARDIS’98 (1998)Google Scholar
  2. 2.
    Brickell, E., Chaum, D., Damgård, I., Van de Graaf, J.: Gradual and Verifiable Release of a Secret. Proceedings of CRYPTO’87, LNCS 293 (1988) 156–166Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Random Oracles are Practical: a Paradigm for Designing Efficient Protocols. Proceedings of the First Annual Conference and Communications Security (1993) 62–73Google Scholar
  4. 4.
    Boudot, F., Traoré, J.: Efficient Publicly Verifiable Secret Sharing Schemes with Fast or Delayed Recovery. Proceedings of the Second International Conference on Information and Communication Security, LNCS 1726 (1999) 87–102Google Scholar
  5. 5.
    Cramer, R., Damgård, I., Schoenmakers, B.: Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols. Proceedings of CRYPTO’94, LNCS 839 (1997) 174–187Google Scholar
  6. 6.
    Chaum, D., Evertse, J.-H., Van de Graaf, J.: An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations. Proceedings of EUROCRYPT’87, LNCS 304 (1998) 127–141Google Scholar
  7. 7.
    Chan, A., Frankel, Y., Tsiounis, Y,: Easy Come-Easy Go Divisible Cash. Proceedings of EUROCRYPT’98, LNCS 1403 (1998) 561–575Google Scholar
  8. 8.
    Chan, A., Frankel, Y., Tsiounis, Y,: Easy Come-Easy Go Divisible Cash. Updated version with corrections, GTE Tech. Rep. (1998), available at
  9. 9.
    Camenisch, J., Michels, M.: A Group Signature Scheme Based on an RSA-Variant. Tech. Rep. RS-98-27, BRICS, Dept. of Comp. Sci., University of Aarhus, available at (1998)
  10. 10.
    Camenisch, J., Michels, M.: Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes. Proceedings of EUROCRYPT’99, LNCS 1592 (1999) 106–121Google Scholar
  11. 11.
    Camenisch, J., Michels, M.: Separability and Efficiency for Generic Group Signature Schemes. Proceedings of CRYPTO’99, LNCS 1666 (1999) 413–430Google Scholar
  12. 12.
    Chaum, D., Pedersen, T.-P.: Wallet Databases with Observers. Proceedings of CRYPTO’92, LNCS 740 (1992) 89–105Google Scholar
  13. 13.
    Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. Proceedings of CRYPTO’97, LNCS 1294 (1997) 16–30Google Scholar
  14. 14.
    Fujisaki, E., Okamoto, T.: A Practical and Provably Secure Scheme for Publicly Verifiable Secret Sharing and Its Applications, Proceedings of EUROCRYPT’98, LNCS 1403 (1998) 32–46Google Scholar
  15. 15.
    Fiat, A., Shamir, A.: How to Prove Yourself: Practical Solutions to Identification and Signature Problems. Proceedings of CRYPTO’86, LNCS 263 (1986) 186–194Google Scholar
  16. 16.
    Girault, M.: Self-Certified Public Keys. Proceedings of EUROCRYPT’91, LNCS 547 (1991) 490–497Google Scholar
  17. 17.
    Mao, W.: Guaranteed Correct Sharing of Integer Factorization with Off-line Shareholders. Proceedings of Public Key Cryptography 98, (1998) 27–42Google Scholar
  18. 18.
    Okamoto, T., Uchiyama, S.: A New Public-Key Cryptosystem as Secure as Factoring. Proceedings of EUROCRYPT’98, LNCS 1403 (1998) 308–318Google Scholar
  19. 19.
    Schnorr, C.-P.: Efficient Signature Generation for Smart Cards Journal of Cryptology, (4:3) (1991) 239–252CrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Fabrice Boudot
    • 1
  1. 1.France Télécom - CNETCaen Cedex 4France

Personalised recommendations