-
Notifications
You must be signed in to change notification settings - Fork 0
/
abstract.tex
5 lines (5 loc) · 1022 Bytes
/
abstract.tex
1
2
3
4
5
%We consider the following problem: given commitments $c_1,\ldots,c_n$ to values $x_1,\ldots,x_n$, prove in zero-knowledge that each of $x_1,\ldots,x_n$ belongs to some set $S$. We construct a NIZK argument for this problem whose proof size is independent of the number of commitments. Our proof system is secure under the SXDH assumption plus the SSDP (introduced by XXX) in Type III groups, while we can prove it secure under the DLin assumption in Type I groups.
%
%We show how to use our NIZK argument to construct the most efficient \emph{Argument of Correctness of a Shuffle} and \emph{Range Argument} under standard and falsifiable assumptions.
We construct the most efficient non-interactive \emph{Argument of Correctness of a Shuffle} and \emph{Range Argument} under falsifiable assumptions in asymmetric bilinear groups.
Our constructions use as a common building block a novel quasi-adaptive argument for proving that $n$ commitments open to messages in a public set $S$, with proof-size independent of $n$.