2,885 Hits in 8.6 sec

One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin [chapter]

Jens Groth, Markulf Kohlweiss
2015 Lecture Notes in Computer Science  
We construct a 3-move public coin special honest verifier zero-knowledge proof, a so-called Sigma-protocol, for a list of commitments having at least one commitment that opens to 0.  ...  A third application of our Sigma protocol is an efficient proof of membership of a secret committed value u belonging to a public list L = {λ1, . . . , λN }.  ...  [AOS04] use disjunctive proofs to demonstrate possession of one out of N secret keys to construct ring signatures.  ... 
doi:10.1007/978-3-662-46803-6_9 fatcat:m5yqe775obfp7i5xdip62sq2gu

Ouroboros Crypsinous: Privacy-Preserving Proof-of-Stake

Thomas Kerber, Aggelos Kiayias, Markulf Kohlweiss, Vassilis Zikas
2019 2019 IEEE Symposium on Security and Privacy (SP)  
To prove our protocol secure against adaptive attacks, which are particularly critical in the PoS setting, we introduce a new coin evolution technique that relies on a SNARKs mechanism and key-private  ...  To model its security we give a thorough treatment of private ledgers in the universal composition (UC) setting that might be of independent interest.  ...  To spend a coin at time τ, parties will need to prove knowledge of the secret key residing as the τth leaf of the Merkle tree.  ... 
doi:10.1109/sp.2019.00063 dblp:conf/sp/KerberKKZ19 fatcat:abtqsxa3e5asbdh75nswaepybm

Witness Hiding Proofs and Applications

Chen Lidong
1994 DAIMI Report Series  
The credentials issued on one of a user's pseudonyms can be transferred to other pseudonyms by the user without revealing the links between pseudonyms.  ...  In an anonymous credential system, one user may have many pseudonyms.  ...  A class of group signature schemes based on proofs of knowledge of one out of many witnesses are presented.  ... 
doi:10.7146/dpb.v13i477.6950 fatcat:opvsf422kvhn3kkphqibux7o7y

Leaking Arbitrarily Many Secrets: Any-out-of-Many Proofs and Applications to RingCT Protocols [article]

Tianyu Zheng, Shang Gao, Bin Xiao, Yubo Song
2021 IACR Cryptology ePrint Archive  
In this paper, we propose any-out-of-many proofs, a logarithmic zero-knowledge scheme for proving knowledge of an arbitrary number of secrets out of a public list.  ...  Unlike existing k-out-of-N proofs [S&P'21, CRYPTO'21], our approach also hides the exact amount of secrets k, which can be used to achieve a higher anonymity level.  ...  is higher than many-out-of-many proofs [?] as the indexes of all secrets can be predicted when the permutation method and any one of indexes is leaked.  ... 
dblp:journals/iacr/ZhengGXS21 fatcat:3etbmy22ebchpgnsz2xcrdjgie

Efficient Set Membership Proofs using MPC-in-the-Head

Aarushi Goel, Matthew Green, Mathias Hall-Andersen, Gabriel Kaptchuk
2022 Proceedings on Privacy Enhancing Technologies  
These proofs allow a prover to demonstrate knowledge of a witness w corresponding to a secret element x of a public set, such that they jointly satisfy a given NP relation, i.e.  ...  ℛ(w, x) = 1 and x is a member of a public set {x1, . . . , x𝓁}. This allows the identity of the prover to remain hidden, e.g. ring signatures and confidential transactions in cryptocurrencies.  ...  Acknowledgments The first and second authors are supported in part by NSF  ... 
doi:10.2478/popets-2022-0047 fatcat:kjnmuvna7nh2jc2pxlgihgvekm

On Proof-of-Accuracy Consensus Protocols

Fredy Andres Aponte-Novoa, Ricardo Villanueva-Polanco
2022 Mathematics  
This paper presents a detailed proposal of a proof-of-accuracy protocol.  ...  Since it represents a possible vulnerability, the community has made efforts to solve this and other blockchain problems, which has resulted in the birth of alternative consensus protocols, e.g., the proof  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/math10142504 fatcat:uq33d7mbrjcfvgrl3u6nafug3y

UniqueID: Decentralized Proof-of-Unique-Human [article]

MohammadJavad Hajialikhani, MohammadMahdi Jahanara
2018 arXiv   pre-print
Extending decentralization to the human identity concept, we can think of using blockchain for creating a list of verified human identities with a one-person-one-ID property.  ...  One part of this identity is simply the user's claim on one of his unique, permanent, and measurable characteristics - biometrics.  ...  One can formalize that as "How many people should collude, and how much money they need, in order to do X in the system?"  ... 
arXiv:1806.07583v1 fatcat:7p2xeqmkwrcgxbgpxbq43nss7u

Designing Proof of Transaction Puzzles for Cryptocurrency [article]

Taotao Li, Parhat Abla, Mingsheng Wang, Qianwen Wei
2017 IACR Cryptology ePrint Archive  
One of the Bitcoin's innovations is the Proof of Work puzzle (aka scratch-off puzzle) as a consensus protocol for anonymous networks without pre-established PKI.  ...  Bitcoins based on the Proof of Work puzzle have been harshly blamed today for problems such as energy wasted and not easily scalable.  ...  The Bitcoin based on the proof of work faces the problem of resource waste and security. The Peercoin based on the proof of stake faces centralization of the coin.  ... 
dblp:journals/iacr/LiAWW17 fatcat:wtba5wyamre2xj27chomx74jze

Bulletproofs: Short Proofs for Confidential Transactions and More

Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, Greg Maxwell
2018 2018 IEEE Symposium on Security and Privacy (SP)  
This MPC protocol uses either a constant number of rounds and linear communication, or a logarithmic number of rounds and logarithmic communication.  ...  Our Contributions We present Bulletproofs, a new zero-knowledge argument of knowledge 1 system, to prove that a secret committed 1.  ...  We thank Peter Dettmann for pointing out the batch inversion trick. We thank Sean Bowe for various optimizations applicable to arithmetic circuits for Pedersen hash functions.  ... 
doi:10.1109/sp.2018.00020 dblp:conf/sp/BunzBBPWM18 fatcat:eqo5xk6trzgxjb7xumtcstdfw4

Omniring: Scaling Up Private Payments Without Trusted Setup - Formal Foundations and Constructions of Ring Confidential Transactions with Log-size Proofs [article]

Russell W. F. Lai, Viktoria Ronge, Tim Ruffing, Dominique Schröder, Sri Aravinda Krishnan Thyagarajan, Jiafan Wang
2019 IACR Cryptology ePrint Archive  
Omniring is the first RingCT scheme which 1) does not require a trusted setup or pairing-friendly elliptic curves, 2) has a proof size logarithmic in the size of the ring, and 3) allows to share the same  ...  Our zero-knowledge proofs rely on novel enhancements to the Bulletproofs framework (S&P 2018), which we believe are of independent interest.  ...  Potential Issues of Leaking One-Time Secret Keys For completeness, we point out a potential issue which seems costly to avoid. We observe that in Noether et al.  ... 
dblp:journals/iacr/LaiRRSTW19 fatcat:boqezbrfnzd25et7qy4xo5jfiy

Proof-of-Knowledge of Representation of Committed Value and Its Applications [chapter]

Man Ho Au, Willy Susilo, Yi Mu
2010 Lecture Notes in Computer Science  
Specifically, for commitments C = Commit1(y), D = Commit2(x), of value y and a tuple x = (x1, . . . , xL), respectively, our argument system allows one to demonstrate the knowledge of (x, y) such that  ...  Conclusion We constructed a new zero-knowledge argument system and illustrated its significance with applications to blind signatures, traceable signatures and compact e-cash systems.  ... 
doi:10.1007/978-3-642-14081-5_22 fatcat:7k754v74c5ef5jgsobcjbierou

Indistinguishable Proofs of Work or Knowledge [chapter]

Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang
2016 Lecture Notes in Computer Science  
cryptocurrencies that are based on "proof of stake", and others).  ...  We introduce a new class of protocols called Proofs of Work or Knowledge (PoWorKs).  ...  The requirement there is that the puzzle solver should spend a minimum of computational resources to find a solution to the puzzle (and may or may not choose to parallelize). Applications.  ... 
doi:10.1007/978-3-662-53890-6_30 fatcat:wy6nncpc3rabjjseoa45uftr44

Efficient and Post-Quantum Zero-Knowledge Proofs for Blockchain Confidential Transaction Protocols [article]

Shang Gao, Tianyu Zheng, Yu Guo, Bin Xiao
2021 IACR Cryptology ePrint Archive  
Different from existing approaches that adopt a one-out-of-many proof [CCS'19, Crypto'19], we show that a linear sum proof suffices in ring signatures which could avoid the costly binary proof part.  ...  Finally, we show how to adopt these techniques in RingCT protocols and implement a prototype to compare the performance with existing approaches.  ...  We would also like to thank to the reviewers of Oakland'20 and Oakland'21 for their valuable comments.  ... 
dblp:journals/iacr/GaoZGX21 fatcat:tuothoh3evgw5lefp2btnks234

Designing Proof of Human-Work Puzzles for Cryptocurrency and Beyond [chapter]

Jeremiah Blocki, Hong-Sheng Zhou
2016 Lecture Notes in Computer Science  
As the name suggests, a PoH is a proof that a human invested a moderate amount of effort to solve some challenge. A PoH puzzle should be moderately hard for a human to solve.  ...  We introduce the novel notion of a Proof of Human-work (PoH) and present the first distributed consensus protocol from hard Artificial Intelligence problems.  ...  The authors also thank Andrew Miller, and the PC of ITCS 2016 and TCC 2016B for their helpful comments.  ... 
doi:10.1007/978-3-662-53644-5_20 fatcat:m4wa3kkx6naglmtriqqbzjypk4

Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs

Eli Ben-Sasson, Alessandro Chiesa, Matthew Green, Eran Tromer, Madars Virza
2015 2015 IEEE Symposium on Security and Privacy  
In this work, we show how public parameters for a class of NIZKs can be generated by a multi-party protocol, such that if at least one of the parties is honest, then the result is secure (in both aforementioned  ...  This party is trusted to correctly run a probabilistic algorithm (specified by the proof system) that outputs the public parameters, and publish them, without leaking any other information (such as  ...  A common random string can, e.g., be implemented via a public randomness source with high entropy (or even coin-tossing protocols). of a random evaluation of C PGHR corresponds to public parameters for  ... 
doi:10.1109/sp.2015.25 dblp:conf/sp/Ben-SassonC0TV15 fatcat:lh2mmdyenjhexcmt3cytfwncfa
Showing results 1 — 15 out of 2,885 results