Cryptology ePrint Archive: Report 2021/1674

Efficient and Post-Quantum Zero-Knowledge Proofs for Blockchain Confidential Transaction Protocols

Shang GAO and Tianyu ZHENG and Yu GUO and Bin XIAO

Abstract: We propose new zero-knowledge proofs for efficient and post-quantum ring confidential transaction (RingCT) protocols based on lattice assumptions in blockchain systems. First, we introduce an inner-product based linear equation satisfiability approach for balance proofs with a wide range (e.g. 64-bit precision). Unlike existing balance proofs that require additional proofs for some "corrector values" [CCS'19], our approach avoids the corrector values for better efficiency. Furthermore, we design a ring signature scheme to efficiently hide a user's identity in large anonymity sets. Unlike existing approaches that adopt a one-out-of-many proof [CCS'19, Crypto'19], we show that a linear sum proof suffices in ring signatures, which avoids the costly binary proof part. We further use the idea of "unbalanced" relations to build a logarithmic-size ring signature scheme. Finally, we show how to adopt these techniques in RingCT protocols and implement a prototype to compare the performance with existing approaches. The results show that our solutions reduce the proof size by about 25% compared with Crypto'19, and reduce the proof size by up to 70%, the proving time by up to 30%, and the verification time by up to 20% compared with CCS'19. We also believe our techniques are of independent interest for other privacy-preserving applications such as secure e-voting and are applicable in a generic setting.

Category / Keywords: cryptographic protocols / Lattice-based cryptography, zero-knowledge proof, balance proof, ring signature, RingCT, blockchain

Date: received 21 Dec 2021, last revised 19 Jan 2022

Contact author: shanggao at polyu edu hk

Note: This is a quick fix version to rectify some mistakes in the previous version. The full version will include some major changes (will be available soon).

Version: 20220119:020734
