A Non-interactive Range Proof with Constant Communication
In a range proof, the prover convinces the verifier in zero-knowledge that he has encrypted or committed to a value a ∈ [0, H] where H is a public constant. Most of the previous non-interactive range proofs have been proven secure in the random oracle model. We show that one of the few previous non-interactive range proofs in the common reference string (CRS) model, proposed by Yuen et al. in COCOON 2009, is insecure. We then construct a secure non-interactive range proof that works in the CRS model. The new range proof can have (by different instantiations of the parameters) either very short communication (14 080 bits) and verifier’s computation (81 pairings), short combined CRS length and communication (log1 / 2 + o (1)H group elements), or very efficient prover’s computation (Θ(logH) exponentiations).
KeywordsNIZK pairings progression-free sets range proof
Unable to display preview. Download preview PDF.
- 2.Boneh, D., Boyen, X., Shacham, H.: Short Group Signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)Google Scholar
- 7.Groth, J.: Honest Verifier Zero-Knowledge Arguments Applied. PhD thesis, University of Århus, Denmark (October 2004)Google Scholar
- 10.Groth, J., Sahai, A.: Efficient Non-Interactive Proof Systems for Bilinear Groups. Technical Report 2007/155, International Association for Cryptologic Research (April 27, 2007), http://eprint.iacr.org/2007/155 (version 20100222:192509) (retrieved in December 2011)
- 14.Lipmaa, H.: Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments. Technical Report 2011/009, International Association for Cryptologic Research (January 5, 2011), http://eprint.iacr.org/2011/009
- 19.Sanders, T.: On Roth’s Theorem on Progressions. Annals of Mathematics 174(1), 619–636 (2011)Google Scholar
- 20.Tao, T., Vu, V.: Additive Combinatorics. Cambridge Studies in Advanced Mathematics. Cambridge University Press (2006)Google Scholar