Cryptology ePrint Archive: Report 2014/006

Efficient Non-Interactive Zero Knowledge Arguments for Set Operations

Prastudy Fauzi and Helger Lipmaa and Bingsheng Zhang

Abstract: We propose a non-interactive zero knowledge \emph{pairwise multiset sum equality test (PMSET)} argument in the common reference string (CRS) model that allows a prover to show that the given committed multisets $\AAA_j$ for $j \in \set{1, 2, 3, 4}$ satisfy $\AAA_1 \uplus \AAA_2 = \AAA_3 \uplus \AAA_4$, i.e., every element is contained in $\AAA_1$ and $\AAA_2$ exactly as many times as in $\AAA_3$ and $\AAA_4$. As a corollary to the $\PUTME$ argument, we present arguments that enable to efficiently verify the correctness of various (multi)set operations, for example, that one committed set is the intersection or union of two other committed sets. The new arguments have constant communication and verification complexity (in group elements and group operations, respectively), whereas the CRS length and the prover's computational complexity are both proportional to the cardinality of the (multi)sets. We show that one can shorten the CRS length at the cost of a small increase of the communication and the verifier's computation.

Category / Keywords: cryptographic protocols / Multisets, non-interactive zero knowledge, set operation arguments

Original Publication (with minor differences): FC 2014

Date: received 3 Jan 2014, last revised 6 Jan 2014

Contact author: helger lipmaa at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20140106:125152 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]