New results for the practical use of range proofs

Abstract

Zero-knowledge proofs of knowledge are now used in numerous applications and permit to prove the knowledge of secrets with many (complex) properties. Among them, the proof that a secret lies in a given interval is very useful in the context of electronic voting, e-cash or anonymous credentials. In this paper, we propose new contributions to the practical use of these so-called range proofs, for which several types of methods exist.We first introduce a variant of the signature-based method which allows the prover to avoid pairing computations. We also give several improvements to the solution based on the multi-base decomposition of the secret. We finally make the first complete comparison between all existing range proofs. This permits to prove that our methods are useful in many practical cases. This also allows service designers to decide which method is the best to use in their case, depending on their practical needs and constraints on the size of the interval, the power of the verifier and the prover, etc.