6 releases (breaking)
0.6.0 | Jul 18, 2024 |
---|---|
0.5.0 | Jun 21, 2024 |
0.4.0 | May 10, 2024 |
0.3.0 | Mar 4, 2024 |
0.1.0 | Oct 2, 2023 |
#1508 in Cryptography
63 downloads per month
Used in 2 crates
(via proof_system)
515KB
12K
SLoC
Zero-knowledge range proof protocols based on set-membership check
Implements the following range proof and set-membership protocols.
- Set membership protocol using BB signature. Described in Fig.1 of the paper [1]. Code
- Range proof protocol as described in Fig.3 of the paper [1]. Considers a perfect-range, i.e. range of the form
[0, u^l)
whereu
is the base and the upper bound is a power of the base. Code - Range proof protocol as described in section 4.4 of the paper [1]. Considers an arbitrary range
[min, max)
. Some differences with the paper, check the module for more details. Code - Range proof using sumsets, based on Protocol 2 from the paper [2]. Code
- Implements the Keyed-Verification of the above protocols where the verifier knows the secret key of the BB sig. This makes the proof generation and verification more efficient by removing the need for pairings. This idea is taken from this PhD. thesis.
Above protocols use a pairing based signature called the weak-BB signature.
UPDATE: Implements variations of above protocols which use an optimized version of proving knowledge of weak-BB signature described in section 2.4 of the paper [3] which does not require the prover to do pairings which makes the proofs much shorter and faster to verify. This paper will be called the CDH paper
References:
[1]: Efficient Protocols for Set Membership and Range Proofs
[2]: Additive Combinatorics and Discrete Logarithm Based Range Protocols
[3]: Scalable Revocation Scheme for Anonymous Credentials Based on n-times Unlinkable Proofs
Dependencies
~7.5MB
~137K SLoC