{"title":"A different base approach for better efficiency on range proofs","authors":"Esra Günsay , Cansu Betin Onur , Murat Cenk","doi":"10.1016/j.jisa.2024.103860","DOIUrl":null,"url":null,"abstract":"<div><p>Zero-knowledge range proofs (ZKRPs) are commonly used to prove the validation of a secret integer lies in an interval to some other party in a secret way. In many ZKRPs, the secret is represented in binary and then committed via a suitable commitment scheme or represented as an appropriate encryption scheme. This paper is an extended version of the conference paper presented at the 14th IEEE International Conference on Security of Information and Networks. To this end, after summarizing the conference paper, we first analyze the proof proposed by Mao in 1998 in the elliptic-curve setting. Mao’s proof contains a bit commitment scheme with an OR construction as a sub-protocol. We have extended Mao’s range proof to base-<span><math><mi>u</mi></math></span> with a modified OR-proof. We investigate and compare the efficiency of different base approaches on Mao’s range proof with both Pedersen commitment and ElGamal encryption. Later, we analyze the range proof proposed by Bootle et al. in both finite fields and elliptic-curve settings. This proof contains polynomial commitment with matrix row operations. We take the number of computations in modulo exponentiation and the cost of the number of exchanged integers between parties. Then, we generalize these costs for <span><math><mi>u</mi></math></span>-based construction. 
We show that compared with the base-2 representation, different base approach provides efficiency in communication cost or computation cost, or both.</p></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"85 ","pages":"Article 103860"},"PeriodicalIF":3.8000,"publicationDate":"2024-08-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212624001625","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Citations: 0
Abstract
Zero-knowledge range proofs (ZKRPs) are commonly used to prove to another party that a secret integer lies in an interval, without revealing the integer. In many ZKRPs, the secret is represented in binary and then committed via a suitable commitment scheme or encrypted under an appropriate encryption scheme. This paper is an extended version of the conference paper presented at the 14th IEEE International Conference on Security of Information and Networks. To this end, after summarizing the conference paper, we first analyze the proof proposed by Mao in 1998 in the elliptic-curve setting. Mao’s proof contains a bit commitment scheme with an OR construction as a sub-protocol. We have extended Mao’s range proof to base-u with a modified OR-proof. We investigate and compare the efficiency of different base approaches on Mao’s range proof with both Pedersen commitment and ElGamal encryption. Later, we analyze the range proof proposed by Bootle et al. in both finite-field and elliptic-curve settings. This proof contains polynomial commitment with matrix row operations. We measure cost as the number of modular exponentiations and the number of integers exchanged between parties. Then, we generalize these costs for the u-based construction. We show that, compared with the base-2 representation, a different base approach provides efficiency in communication cost or computation cost, or both.
About the journal:
Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.