Paper 2024/1441
FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup
Abstract
Bit-decomposition-based zero-knowledge range proofs in the discrete logarithm (DLOG) setting with a transparent setup, e.g., Bulletproof (IEEE S&P '18), Flashproof (ASIACRYPT '22), and SwiftRange (IEEE S&P '24), have garnered widespread popularity across various privacy-enhancing applications. These proofs aim to prove that a committed value falls within the non-negative range $[0, 2^N-1]$ without revealing it, where $N$ represents the bit length of the range. Despite their prevalence, the current implementations still suffer from suboptimal performance. Some exhibit reduced communication costs at the expense of increased computational costs, while others experience the opposite. Presently, users are compelled to utilize these proofs in scenarios demanding stringent requirements for both communication and computation efficiency. In this paper, we introduce FlashSwift, a stronger DLOG-based logarithmic-sized alternative. It stands out for its shorter proofs and significantly enhanced computational efficiency compared with the cutting-edge logarithmic-sized ones for the most common ranges where $N \leq 64$. It is developed by integrating the techniques from Flashproof and SwiftRange without using a trusted setup. The substantial efficiency gains stem from our dedicated efforts in overcoming the inherent incompatibility barrier between the two techniques. Specifically, when $N=64$, our proof achieves the same size as Bulletproof and exhibits $1.1\times$ the communication efficiency of SwiftRange. More importantly, compared with the two, it achieves $2.3\times$ and $1.65\times$ proving efficiency, and $3.2\times$ and $1.7\times$ verification efficiency, respectively. At the time of writing, our proof also sets two new records for the smallest proof sizes, 289 bytes and 417 bytes, for 8-bit and 16-bit ranges among all the bit-decomposition-based ones without requiring trusted setups.
Moreover, to the best of our knowledge, it is the first configurable range proof that is adaptable to various scenarios with different specifications, where the configurability allows trading off communication efficiency for computational efficiency. In addition, we offer a bonus feature: FlashSwift supports the aggregation of multiple single proofs for efficiency improvement. Finally, we provide comprehensive performance benchmarks against the state-of-the-art ones to demonstrate its practicality.
Metadata
- Category: Cryptographic protocols
- Publication info: Published elsewhere. PETS 2024
- DOI: https://doi.org/10.56553/popets-2024-0067
- Keywords: Zero-knowledge range proof, bit-decomposition, logarithmic-size, configurability, discrete logarithm, transparent setup
- Contact author(s):
  - nan wang @ data61 csiro au
  - dongxi liu @ data61 csiro au
- History:
  - 2024-09-18: approved
  - 2024-09-16: received
- Short URL: https://ia.cr/2024/1441
- License: CC BY
BibTeX
@misc{cryptoeprint:2024/1441,
  author = {Nan Wang and Dongxi Liu},
  title = {{FlashSwift}: A Configurable and More Efficient Range Proof With Transparent Setup},
  howpublished = {Cryptology {ePrint} Archive, Paper 2024/1441},
  year = {2024},
  doi = {https://doi.org/10.56553/popets-2024-0067},
  url = {https://eprint.iacr.org/2024/1441}
}