MoneroResearch.info
Resource type: Proceedings Article
BibTeX citation key: Wang2022
Categories: Monero-focused
Creators: Chau, Wang
Publisher: Springer
Collection: International Conference on the Theory and Application of Cryptology and Information Security
Attachments: 2022-1251.pdf
URLs: https://eprint.iacr.org/2022/1251.pdf
Abstract
We propose Flashproofs, a new type of efficient special honest verifier zero-knowledge arguments with a transparent setup in the discrete logarithm (DL) setting. First, we put forth gas-efficient range arguments that achieve O(N^{2/3}) communication cost, and involve O(N^{2/3}) group exponentiations for verification and a slightly sub-linear number of group exponentiations for proving with respect to the range [0, 2^N − 1], where N is the bit length of the range. For typical confidential transactions on blockchain platforms supporting smart contracts, verifying our range arguments consumes only 234K and 315K gas for 32-bit and 64-bit ranges, which are comparable to 220K gas incurred by verifying the most efficient zkSNARK with a trusted setup (EUROCRYPT '16) at present. Besides, the aggregation of multiple arguments can yield further efficiency improvement. Second, we present polynomial evaluation arguments based on the techniques of Bayer & Groth (EUROCRYPT '13). We provide two zero-knowledge arguments, which are optimised for lower-degree (D ∈ [3, 2^9]) and higher-degree (D > 2^9) polynomials, where D is the polynomial degree. Our arguments yield a non-trivial improvement in the overall efficiency. Notably, the number of group exponentiations for proving drops from 8 log D to 3(log D + √log D). The communication cost and the number of group exponentiations for verification decrease from 7 log D to (log D + 3√log D). To the best of our knowledge, our arguments instantiate the most communication-efficient arguments of membership and non-membership in the DL setting among those not requiring trusted setups. More importantly, our techniques enable a significantly asymptotic improvement in the efficiency of communication and verification (group exponentiations) from O(log D) to O(√log D) when multiple arguments satisfying different polynomials with the same degree and inputs are aggregated.