### 4 releases (breaking)

0.4.0 | May 10, 2024 |
---|---|

0.3.0 | Mar 4, 2024 |

0.2.0 | Oct 10, 2023 |

0.1.0 | Oct 2, 2023 |

#**2182** in Cryptography

**149** downloads per month

Used in **2** crates
(via proof_system)

**Apache-2.0**

470KB

11K
SLoC

# Zero-knowledge range proof protocols based on set-membership check

Implements the following range proof and set-membership protocols.

- Set membership protocol using BB signature. Described in Fig.1 of the paper [1]. Code
- Range proof protocol as described in Fig.3 of the paper [1]. Considers a perfect-range, i.e. range of the form

where`[``0``,`u`^`l)

is the base and the upper bound is a power of the base. Code`u` - Range proof protocol as described in section 4.4 of the paper [1]. Considers an arbitrary range

. Some differences with the paper, check the module for more details. Code`[`min`,`max) - Range proof using sumsets, based on Protocol 2 from the paper [2]. Code
- Implements the Keyed-Verification of the above protocols where the verifier knows the secret key of the BB sig. This makes the proof generation and verification more efficient by removing the need for pairings. This idea is taken from this PhD. thesis.

Above protocols use a pairing based signature called the weak-BB signature.

UPDATE: Implements variations of above protocols which use an optimized version of proving knowledge of weak-BB signature described in section 2.4 of the paper [3] which does not require the prover to do pairings which makes the proofs much shorter and faster to verify. This paper will be called the CDH paper

References:

[1]: Efficient Protocols for Set Membership and Range Proofs

[2]: Additive Combinatorics and Discrete Logarithm Based Range Protocols

[3]: Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs

#### Dependencies

~8MB

~154K SLoC