Paper 2019/1255

Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular

Daniel Benarroch, Inversed Technologies
Matteo Campanelli, Protocol Labs
Dario Fiore, IMDEA Software Institute
Kobi Gurkan, Geometry Research, cLabs
Dimitris Kolonelos, IMDEA Software Institute, Universidad Politécnica de Madrid

We consider the problem of proving in zero knowledge that an element of a public set satisfies a given property without disclosing the element, i.e., for some $u$, ``$u \in S$ and $P(u)$ holds''. This problem arises in many applications (anonymous cryptocurrencies, credentials or whitelists) where, for privacy or anonymity reasons, it is crucial to hide certain data while ensuring properties of such data. We design new \textit{modular} and \textit{efficient} constructions for this problem through new \textit{commit-and-prove zero-knowledge systems for set membership}, i.e. schemes proving $u \in S$ for a value $u$ that is in a public commitment $c_u$. We also extend our results to support {\em non-membership proofs}, i.e. proving $u \notin S$. Being commit-and-prove, our solutions can act as plug-and-play modules in statements of the form ``$u \in S$ and $P(u)$ holds'' by combining our set (non-)membership systems with any other commit-and-prove scheme for $P(u)$. Also, they work with Pedersen commitments over prime order groups which makes them compatible with popular systems such as Bulletproofs or Groth16. We implemented our schemes as a software library, and tested experimentally their performance. Compared to previous work that achieves similar properties---the clever techniques combining zkSNARKs and Merkle Trees in Zcash---our solutions offer more flexibility, shorter public parameters and $3.7 \times$--$30\times$ faster proving time for a set of size $2^{64}$.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. Design Codes and Cryptography
public-key cryptographyzero knowledgeapplications
Contact author(s)
matteo campanelli @ gmail com
dario fiore @ imdea org
dimitris kolonelos @ imdea org
2023-12-22: last of 5 revisions
2019-10-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Daniel Benarroch and Matteo Campanelli and Dario Fiore and Kobi Gurkan and Dimitris Kolonelos},
      title = {Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1255},
      year = {2019},
      doi = {10.1007/s10623-023-01245-1},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.