Boudot’s Range-Bounded Commitment Scheme Revisited

  • Zhengjun Cao
  • Lihua Liu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4861)


Checking whether a committed integer lies in a specific interval has many cryptographic applications. In Eurocrypt’98, Chan et al. proposed an instantiation (CFT Proof). Based on CFT, Boudot presented a popular range-bounded commitment scheme in Eurocrypt’2000. Both CFT Proof and Boudot Proof are based on the encryption \(E(x, r)=g^xh^r\ \mbox{mod}\ n\), where n is an RSA modulus whose factorization is unknown by the prover. They did not use a single base as usual. Thus an increase in cost occurs. In this paper, we show that it suffices to adopt a single base. The cost of the modified Boudot Proof is about half of that of the original scheme. Moreover, the key restriction in the original scheme, i.e., both the discrete logarithm of g in base h and the discrete logarithm of h in base g are unknown by the prover, which is a potential menace to the Boudot Proof, is definitely removed.


range-bounded commitment knowledge of a discrete logarithm zero-knowledge proof 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bao, F.: An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, Springer, Heidelberg (2000)Google Scholar
  2. 2.
    Brickell, E., Chaum, D., Damgård, I., Van de Graaf, J.: Gradual and Verifiable Release of a Secret. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 156–166. Springer, Heidelberg (1988)Google Scholar
  3. 3.
    Boudot, F.: Efficient Proofs that a Committed Number Lies in an Interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Boudot, F., Traoré, J.: Efficient Publicly Verifiable Secret Sharing Schemes with Fast or Delayed Recovery. In: Varadharajan, V., Mu, Y. (eds.) ICICS 1999. LNCS, vol. 1726, pp. 87–102. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Chaum, D., Evertse, J.-H., Van de Graaf, J.: An Improved Protocol for Demonstrating Possession of Discrete Logarithm and Some Generalizations. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 127–141. Springer, Heidelberg (1988)Google Scholar
  6. 6.
    Chan, A., Frankel, Y., Tsiounis, Y.: Easy Come Easy Go Divisible Cash. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 561–575. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  7. 7.
    Chan, A., Frankel, Y., Tsiounis, Y.: Easy Come Easy Go Divisible Cash. Updated version with corrections, GTE Tech. Rep. (1998), available at:
  8. 8.
    Camenisch, J., Michels, M.: Separability and Efficiency for Generic Group Signature Schemes. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 413–430. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Camenisch, J., Michels, M.: Proving in Zero-Knowledge that a Number is the Product of Two Safe Primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 106–121. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Chaum, D., Pedersen, T.-P.: Wallet Databases with Observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993)Google Scholar
  11. 11.
    Damgård, I., Fujisaki, E.: A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 125–142. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  13. 13.
    Fujisaki, E., Okamoto, T.: Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  14. 14.
    Fujisaki, E., Okamoto, T.: A Practical and Provably Secure Scheme for Publicly Verifiable Secret Sharing and Its Applications. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 32–46. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  15. 15.
    Girault, M.: Self-Certified Public Keys. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 490–497. Springer, Heidelberg (1991)Google Scholar
  16. 16.
    Mao, W.: Guaranteed Correct Sharing of Integer Factorization with Off-line Share-holders. Proceedings of Public Key Cryptography 98, 27–42 (1998)Google Scholar
  17. 17.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  18. 18.
    Rivest, R., Shamir, A., Adleman, L.M.: A Mehtod for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of ACM 21(2), 120–126 (1978)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Schnorr, C.-P.: Efficient Signature Generation for Smart Cards. Journal of Cryptology, 239–252 (1991)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Zhengjun Cao
    • 1
  • Lihua Liu
    • 2
  1. 1.Department of Mathematics, Shanghai University, ShanghaiChina
  2. 2.Department of Information and Computation Sciences, Shanghai Maritime University, ShanghaiChina

Personalised recommendations