Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption
Range proofs are proofs that a committed number m belongs to a range [a, b] for public constants a, b, without leaking any information about the value m. In this work, we evaluate and analyze the performance of existing techniques for range proofs based on the strong RSA assumption while varying the...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2019-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/8805328/ |
| id |
doaj-2191f0a57e3b47c1b670dd5d266a8df2 |
|---|---|
| record_format |
Article |
| spelling |
doaj-2191f0a57e3b47c1b670dd5d266a8df22021-03-30T00:00:09ZengIEEEIEEE Access2169-35362019-01-01711750511751610.1109/ACCESS.2019.29362108805328Experimenting With Non-Interactive Range Proofs Based on the Strong RSA AssumptionMyungsun Kim0https://orcid.org/0000-0002-0461-3053Hyung Tae Lee1https://orcid.org/0000-0002-0920-2026Department of Information Security, College of ICT Convergence, University of Suwon, Hwaseong-si, South KoreaDivision of Computer Science and Engineering, College of Engineering, Chonbuk National University, Jeonju, South KoreaRange proofs are proofs that a committed number m belongs to a range [a, b] for public constants a, b, without leaking any information about the value m. In this work, we evaluate and analyze the performance of existing techniques for range proofs based on the strong RSA assumption while varying the range sizes. We first group the techniques into two classes. Our experiments show that the first class, being built on finding sums of squares (e.g., Groth's range proof), has sharply decreasing performance trends as the range size increases. Thus, solutions in this class seem to be useful primarily for small ranges. The second class, which relies on a direct proof (e.g., Boudot's range proof), exposes that the performance degradation slopes are not as steep as the range size grows, compared to solutions in the first group. However, this class's main drawback is that these methods require considerably more modular arithmetic than the first class. Concretely, the Groth and Boudot protocols achieve the best performance when the range sizes are less than and greater than 1410 bits, respectively. As part of this work, we consider an extension by combining the strong points of existing solutions and examine the result efficiency. Interestingly, however, our experimental results report that this extension outperforms either Groth's or Boudot's protocol for certain ranges, but there is no range for which the extension outperforms both.https://ieeexplore.ieee.org/document/8805328/Non-interactive zero-knowledge proofrange proofstrong RSA assumption |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Myungsun Kim Hyung Tae Lee |
| spellingShingle |
Myungsun Kim Hyung Tae Lee Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption IEEE Access Non-interactive zero-knowledge proof range proof strong RSA assumption |
| author_facet |
Myungsun Kim Hyung Tae Lee |
| author_sort |
Myungsun Kim |
| title |
Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption |
| title_short |
Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption |
| title_full |
Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption |
| title_fullStr |
Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption |
| title_full_unstemmed |
Experimenting With Non-Interactive Range Proofs Based on the Strong RSA Assumption |
| title_sort |
experimenting with non-interactive range proofs based on the strong rsa assumption |
| publisher |
IEEE |
| series |
IEEE Access |
| issn |
2169-3536 |
| publishDate |
2019-01-01 |
| description |
Range proofs are proofs that a committed number m belongs to a range [a, b] for public constants a, b, without leaking any information about the value m. In this work, we evaluate and analyze the performance of existing techniques for range proofs based on the strong RSA assumption while varying the range sizes. We first group the techniques into two classes. Our experiments show that the first class, being built on finding sums of squares (e.g., Groth's range proof), has sharply decreasing performance trends as the range size increases. Thus, solutions in this class seem to be useful primarily for small ranges. The second class, which relies on a direct proof (e.g., Boudot's range proof), exposes that the performance degradation slopes are not as steep as the range size grows, compared to solutions in the first group. However, this class's main drawback is that these methods require considerably more modular arithmetic than the first class. Concretely, the Groth and Boudot protocols achieve the best performance when the range sizes are less than and greater than 1410 bits, respectively. As part of this work, we consider an extension by combining the strong points of existing solutions and examine the result efficiency. Interestingly, however, our experimental results report that this extension outperforms either Groth's or Boudot's protocol for certain ranges, but there is no range for which the extension outperforms both. |
| topic |
Non-interactive zero-knowledge proof range proof strong RSA assumption |
| url |
https://ieeexplore.ieee.org/document/8805328/ |
| work_keys_str_mv |
AT myungsunkim experimentingwithnoninteractiverangeproofsbasedonthestrongrsaassumption AT hyungtaelee experimentingwithnoninteractiverangeproofsbasedonthestrongrsaassumption |
| _version_ |
1724188741336039424 |