Cryptology ePrint Archive: Report 2021/426

Generic Plaintext Equality and Inequality Proofs (Extended Version)

Olivier Blazy and Xavier Bultel and Pascal Lafourcade and Octavio Perez Kempner

Abstract: Given two ciphertexts generated with a public-key encryption scheme, the problem of plaintext equality consists in determining whether the ciphertexts hold the same value. Similarly, the problem of plaintext inequality consists in deciding whether they hold a different value. Previous work has focused on building new schemes or extending existing ones to include support for plaintext equality/inequality. We propose generic and simple zero-knowledge proofs for both problems, which can be instantiated with various schemes. First, we consider the context where a prover with access to the secret key wants to convince a verifier, who has access to the ciphertexts, on the equality/inequality without revealing information about the plaintexts. We also consider the case where the prover knows the encryption’s randomness instead of the secret key. For plaintext equality, we also propose sigma protocols that lead to non-interactive zero-knowledge proofs. To prove our protocols’ security, we formalize notions related to malleability in the context of public-key encryption and provide definitions of their own interest.

Category / Keywords: cryptographic protocols / Public-key encryption, Generic plaintext equality, Generic plaintext inequality, Zero-knowledge proofs

Original Publication (with major differences): To appear in Financial Cryptography 2021

Date: received 1 Apr 2021

Contact author: octavio perez kempner at ens fr

Available format(s): PDF | BibTeX Citation

Note: This is the extended version of the article with the same title presented at Financial Cryptography 2021.

Version: 20210406:071111 (All versions of this report)

Short URL: ia.cr/2021/426


[ Cryptology ePrint archive ]