**Efficient Non-Interactive Zero Knowledge Arguments for Set Operations**

*Prastudy Fauzi and Helger Lipmaa and Bingsheng Zhang*

**Abstract: **We propose a non-interactive zero knowledge \emph{pairwise multiset sum equality test (PMSET)} argument in the common reference string (CRS) model that allows a prover to show that the given committed multisets $\AAA_j$ for $j \in \set{1, 2, 3, 4}$ satisfy $\AAA_1 \uplus \AAA_2 = \AAA_3 \uplus \AAA_4$, i.e., every element is contained in $\AAA_1$ and $\AAA_2$ exactly as many times as in $\AAA_3$ and $\AAA_4$.
As a corollary to the $\PUTME$ argument, we present arguments that enable to efficiently verify the correctness of various (multi)set operations, for example, that one committed set is the intersection or union of two other committed sets.
The new arguments have constant communication and verification complexity (in group elements and group operations, respectively), whereas the CRS length and the prover's computational complexity are both proportional to the cardinality of the (multi)sets.
We show that one can shorten the CRS length at the cost of a small increase of the communication and the verifier's computation.

**Category / Keywords: **cryptographic protocols / Multisets, non-interactive zero knowledge, set operation arguments

**Original Publication**** (with minor differences): **FC 2014

**Date: **received 3 Jan 2014, last revised 6 Jan 2014

**Contact author: **helger lipmaa at gmail com

**Available format(s): **PDF | BibTeX Citation

**Version: **20140106:125152 (All versions of this report)

**Short URL: **ia.cr/2014/006

[ Cryptology ePrint archive ]