Paper 2021/426

Generic Plaintext Equality and Inequality Proofs (Extended Version)

Olivier Blazy, Xavier Bultel, Pascal Lafourcade, and Octavio Perez Kempner


Given two ciphertexts generated with a public-key encryption scheme, the problem of plaintext equality consists in determining whether the ciphertexts hold the same value. Similarly, the problem of plaintext inequality consists in deciding whether they hold a different value. Previous work has focused on building new schemes or extending existing ones to include support for plaintext equality/inequality. We propose generic and simple zero-knowledge proofs for both problems, which can be instantiated with various schemes. First, we consider the context where a prover with access to the secret key wants to convince a verifier, who has access to the ciphertexts, on the equality/inequality without revealing information about the plaintexts. We also consider the case where the prover knows the encryption’s randomness instead of the secret key. For plaintext equality, we also propose sigma protocols that lead to non-interactive zero-knowledge proofs. To prove our protocols’ security, we formalize notions related to malleability in the context of public-key encryption and provide definitions of their own interest.

Note: This is the extended version of the article with the same title presented at Financial Cryptography 2021.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.To appear in Financial Cryptography 2021
Public-key encryptionGeneric plaintext equalityGeneric plaintext inequalityZero-knowledge proofs
Contact author(s)
octavio perez kempner @ ens fr
2021-04-06: received
Short URL
Creative Commons Attribution


      author = {Olivier Blazy and Xavier Bultel and Pascal Lafourcade and Octavio Perez Kempner},
      title = {Generic Plaintext Equality and Inequality Proofs (Extended Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2021/426},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.