Rafik Chaabouni scite author profile

Abstract. We consider the following problem: Given a commitment to a value σ, prove in zero-knowledge that σ belongs to some discrete set Φ. The set Φ can perhaps be a list of cities or clubs; often Φ can be a numerical range such as [1, 2 20 ]. This problem arises in e-cash systems, anonymous credential systems, and various other practical uses of zeroknowledge protocols.When using commitment schemes relying on RSA-like assumptions, there are solutions to this problem which require only a constant number of RSA-group elements to be exchanged between the prover and verifier [5,15,16]. However, for many commitment schemes based on bilinear group assumptions, these techniques do not work, and the best known protocols require O(k) group elements to be exchanged where k is a security parameter.In this paper, we present two new approaches to building set-membership proofs. The first is based on bilinear group assumptions. When applied to the case where Φ is a range of integers, our protocols require O( k log k−log log k ) group elements to be exchanged. Not only is this result asymptotically better, but the constants are small enough to provide significant improvements even for small ranges. Indeed, for a discrete logarithm based setting, our new protocol is an order of magnitude more efficient than previously known ones.We also discuss alternative implementations of our membership proof based on the strong RSA assumption. Depending on the application, e.g., when Φ is a published set of values such a frequent flyer clubs, cities, or other ad hoc collections, these alternative also outperform prior solutions.

show abstract

A Non-interactive Range Proof with Constant Communication

Chaabouni

Lipmaa

Zhang

2012

View full text Add to dashboard Cite

Abstract. In a range proof, the prover convinces the verifier in zeroknowledge that he has encrypted or committed to a value a ∈ [0, H] where H is a public constant. Most of the previous non-interactive range proofs have been proven secure in the random oracle model. We show that one of the few previous non-interactive range proofs in the common reference string (CRS) model, proposed by Yuen et al. in COCOON 2009, is insecure. We then construct a secure non-interactive range proof that works in the CRS model. The new range proof can have (by different instantiations of the parameters) either very short communication (14 080 bits) and verifier's computation (81 pairings), short combined CRS length and communication (log 1/2+o(1) H group elements), or very efficient prover's computation (Θ(log H) exponentiations).

show abstract

Additive Combinatorics and Discrete Logarithm Based Range Protocols

Chaabouni

Lipmaa

Shelat

2010

View full text Add to dashboard Cite

Abstract. We show how to express an arbitrary integer interval I = [0, H] as a sumset I = i=1 Gi * [0, u − 1] + [0, H ] of smaller integer intervals for some small values , u, and H < u − 1, where b * A = {ba : a ∈ A} and A + B = {a + b : a ∈ A ∧ b ∈ B}. We show how to derive such expression of I as a sumset for any value of 1 < u < H, and in particular, how the coefficients Gi can be found by using a nontrivial but efficient algorithm. This result may be interesting by itself in the context of additive combinatorics. Given the sumset-representation of I, we show how to decrease both the communication complexity and the computational complexity of the recent pairing-based range proof of Camenisch, Chaabouni and shelat from ASIACRYPT 2008 by a factor of 2. Our results are important in applications like e-voting where a voting server has to verify thousands of proofs of e-vote correctness per hour. Therefore, our new result in additive combinatorics has direct relevance in practice.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Rafik Chaabouni

Efficient Protocols for Set Membership and Range Proofs

A Non-interactive Range Proof with Constant Communication

Additive Combinatorics and Discrete Logarithm Based Range Protocols

Contact Info

Product

Resources

About