Paper 2019/1255
Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular
Abstract
We consider the problem of proving in zero knowledge that an element of a public set satisfies a given property without disclosing the element, i.e., for some $u$, ``$u \in S$ and $P(u)$ holds''. This problem arises in many applications (anonymous cryptocurrencies, credentials or whitelists) where, for privacy or anonymity reasons, it is crucial to hide certain data while ensuring properties of such data. We design new \textit{modular} and \textit{efficient} constructions for this problem through new \textit{commit-and-prove zero-knowledge systems for set membership}, i.e. schemes proving $u \in S$ for a value $u$ that is in a public commitment $c_u$. We also extend our results to support {\em non-membership proofs}, i.e. proving $u \notin S$. Being commit-and-prove, our solutions can act as plug-and-play modules in statements of the form ``$u \in S$ and $P(u)$ holds'' by combining our set (non-)membership systems with any other commit-and-prove scheme for $P(u)$. Also, they work with Pedersen commitments over prime order groups which makes them compatible with popular systems such as Bulletproofs or Groth16. We implemented our schemes as a software library, and tested experimentally their performance. Compared to previous work that achieves similar properties---the clever techniques combining zkSNARKs and Merkle Trees in Zcash---our solutions offer more flexibility, shorter public parameters and $3.7 \times$--$30\times$ faster proving time for a set of size $2^{64}$.
Metadata
- Available format(s)
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. Minor revision. Design Codes and Cryptography
- DOI
- 10.1007/s10623-023-01245-1
- Keywords
- public-key cryptographyzero knowledgeapplications
- Contact author(s)
-
matteo @ matterlabs dev
dario fiore @ imdea org
dimitris kolonelos @ imdea org - History
- 2024-05-23: last of 6 revisions
- 2019-10-28: received
- See all versions
- Short URL
- https://ia.cr/2019/1255
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2019/1255, author = {Daniel Benarroch and Matteo Campanelli and Dario Fiore and Kobi Gurkan and Dimitris Kolonelos}, title = {Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular}, howpublished = {Cryptology {ePrint} Archive, Paper 2019/1255}, year = {2019}, doi = {10.1007/s10623-023-01245-1}, url = {https://eprint.iacr.org/2019/1255} }