Paper 2007/376

An Efficient Range-Bounded Commitment Scheme

Zhengjun Cao

Abstract

Checking whether a committed integer lies in a specific interval has many cryptographic applications. In Eurocrypt'98, Chan et al. proposed an instantiation (CFT for short). Based on CFT, Boudot presented an efficient range-bounded commitment scheme in Eurocrypt'2000. Both CFT proof and Boudot proof are based on the encryption $E(x, r)=g^xh^r\ \mbox{mod}\ n$, where $n$ is an RSA modulus whose factorization is \textit{unknown} by the prover. They did not use a single base as usual. Thus an increase in cost occurs. In this paper we show that it suffices to adopt a single base. The cost of the improved Boudot proof is about half of that of the original scheme. Moreover, the key restriction in the original scheme, i.e., both the discrete logarithm of $g$ in base $h$ and the discrete logarithm of $h$ in base $g$ are unknown by the prover, which is a potential menace to the Boudot proof, is definitely removed.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
range-bounded commitmentknowledge of a discrete logarithmzero-knowledge proof
Contact author(s)
caozhj @ shu edu cn
History
2007-09-21: received
Short URL
https://ia.cr/2007/376
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2007/376,
      author = {Zhengjun Cao},
      title = {An Efficient Range-Bounded Commitment Scheme},
      howpublished = {Cryptology ePrint Archive, Paper 2007/376},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/376}},
      url = {https://eprint.iacr.org/2007/376}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.