Paper 2024/1441

FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup

Nan Wang, CSIRO's Data61
Dongxi Liu, CSIRO's Data61
Abstract

Bit-decomposition-based zero-knowledge range proofs in the discrete logarithm (DLOG) setting with a transparent setup, e.g., Bulletproof (IEEE S&P '18), Flashproof (ASIACRYPT '22), and SwiftRange (IEEE S&P '24), have garnered widespread popularity across various privacy-enhancing applications. These proofs aim to prove that a committed value falls within the non-negative range $[0, 2^N-1]$ without revealing it, where $N$ represents the bit length of the range. Despite their prevalence, the current implementations still suffer from suboptimal performance. Some exhibit reduced communication costs at the expense of increased computational costs, while others experience the opposite. Presently, users are compelled to utilize these proofs in scenarios demanding stringent requirements for both communication and computation efficiency. In this paper, we introduce FlashSwift, a stronger DLOG-based logarithmic-sized alternative. It stands out for its shorter proofs and significantly enhanced computational efficiency compared with the cutting-edge logarithmic-sized ones for the most common ranges where $N \leq 64$. It is developed by integrating the techniques from Flashproof and SwiftRange without using a trusted setup. The substantial efficiency gains stem from our dedicated efforts in overcoming the inherent incompatibility barrier between the two techniques. Specifically, when $N=64$, our proof achieves the same size as Bulletproof and exhibits $1.1\times$ the communication efficiency of SwiftRange. More importantly, compared with the two, it achieves $2.3\times$ and $1.65\times$ proving efficiency, and $3.2\times$ and $1.7\times$ verification efficiency, respectively. At the time of writing, our proof also creates two new records of the smallest proof sizes, 289 bytes and 417 bytes, for 8-bit and 16-bit ranges among all the bit-decomposition-based ones without requiring trusted setups.
Moreover, to the best of our knowledge, it is the first configurable range proof that is adaptable to various scenarios with different specifications, where the configurability allows communication efficiency to be traded off for computational efficiency. In addition, we offer a bonus feature: FlashSwift supports the aggregation of multiple single proofs for efficiency improvement. Finally, we provide comprehensive performance benchmarks against the state-of-the-art ones to demonstrate its practicality.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. PETS 2024
DOI
https://doi.org/10.56553/popets-2024-0067
Keywords
Zero-knowledge range proof, bit-decomposition, logarithmic-size, configurability, discrete logarithm, transparent setup
Contact author(s)
nan wang @ data61 csiro au
dongxi liu @ data61 csiro au
History
2024-09-18: approved
2024-09-16: received
Short URL
https://ia.cr/2024/1441
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1441,
      author = {Nan Wang and Dongxi Liu},
      title = {{FlashSwift}: A Configurable and More Efficient Range Proof With Transparent Setup},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1441},
      year = {2024},
      doi = {https://doi.org/10.56553/popets-2024-0067},
      url = {https://eprint.iacr.org/2024/1441}
}