Cryptology ePrint Archive: Report 2021/1405

Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT Protocols

Tianyu Zheng and Shang Gao and Bin Xiao and Yubo Song

Abstract: In this paper, we propose any-out-of-many proofs, a logarithmic zero-knowledge scheme for proving knowledge of arbitrarily many secrets out of a public list. Unlike existing $k$-out-of-$N$ proofs [S\&P'21, CRYPTO'21], our approach also hides the exact amount of secrets $k$, which can be used to achieve a higher anonymity level. Furthermore, we enhance the efficiency of our scheme through a transformation that can adopt the improved inner product argument in Bulletproofs [S\&P'18], only $2 \cdot \lceil log_2(N) \rceil + 13$ elements need to be sent in a non-interactive proof.

We further use our proof scheme to implement both multiple ring signature schemes and RingCT protocols. For multiple ring signatures, we need to add a boundary constraint for the number $k$ to avoid the proof of an empty secret set. Thus, an improved version called bounded any-out-of-many proof is presented, which preserves all nice features of the original protocol such as high anonymity and logarithmic size. As for the RingCT, both the original and bounded proofs can be used safely. The result of the performance evaluation indicates that our RingCT protocol is more efficient and secure than others. We also believe our techniques are applicable in other privacy-preserving occasions.

Category / Keywords: cryptographic protocols / zero-knowledge, $k$-out-of-$N$ proof, ring signature, confidential transaction

Date: received 18 Oct 2021, last revised 24 Nov 2021

Contact author: tianzheng at polyu edu hk, shang-jason gao at polyu edu hk

Available format(s): PDF | BibTeX Citation

Version: 20211124:042929 (All versions of this report)

Short URL: ia.cr/2021/1405


[ Cryptology ePrint archive ]