Boudot's Range-Bounded Commitment Scheme Revisited

Checking whether a committed integer lies in a specific interval has many cryptographic applications. In Eurocrypt'98, Chan et al. proposed an instantiation (CFT Proof). Based on CFT, Boudot presented a popular range-bounded commitment scheme in Eurocrypt'2000. Both CFT Proof and Boudot Proof are based on the encryption E(x, r) = gxhr mod n, where n is an RSA modulus whose factorization is unknown by the prover. They did not use a single base as usual. Thus an increase in cost occurs. In this paper, we show that it suffices to adopt a single base. The cost of the modified Boudot Proof is about half of that of the original scheme. Moreover, the key restriction in the original scheme, i.e., both the discrete logarithm of g in base h and the discrete logarithm of h in base g are unknown by the prover, which is a potential menace to the Boudot Proof, is definitely removed.

[1]  Yiannis Tsiounis,et al.  Easy Come - Easy Go Divisible Cash , 1998, EUROCRYPT.

[2]  David Chaum,et al.  An Improved Protocol for Demonstrating Possession of Discrete Logarithms and Some Generalizations , 1987, EUROCRYPT.

[3]  Jan Camenisch,et al.  Proving in Zero-Knowledge that a Number Is the Product of Two Safe Primes , 1998, EUROCRYPT.

[4]  Vijay Varadharajan,et al.  Information and Communication Security , 1999, Lecture Notes in Computer Science.

[5]  Fabrice Boudot,et al.  Efficient Proofs that a Committed Number Lies in an Interval , 2000, EUROCRYPT.

[6]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[7]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[8]  Ernest F. Brickell,et al.  Gradual and Verifiable Release of a Secret , 1987, CRYPTO.

[9]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[10]  Jacques Traoré,et al.  Efficient Publicly Verifiable Secret Sharing Schemes with Fast or Delayed Recovery , 1999, ICICS.

[11]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[12]  Feng Bao An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms , 1998, CARDIS.

[13]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[14]  Bart Preneel,et al.  Advances in cryptology - EUROCRYPT 2000 : International Conference on the Theory and Application of Cryptographic Techniques, Bruges, Belgium, May 14-18, 2000 : proceedings , 2000 .

[15]  David Chaum,et al.  Wallet Databases with Observers , 1992, CRYPTO.

[16]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[17]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[18]  W. Nichols RESEARCH AND APPLICATION. , 1919, Science.

[19]  Claus-Peter Schnorr,et al.  Efficient signature generation by smart cards , 2004, Journal of Cryptology.

[20]  Ivan Damgård,et al.  A Statistically-Hiding Integer Commitment Scheme Based on Groups with Hidden Order , 2002, ASIACRYPT.

[21]  Carl Pomerance,et al.  Advances in Cryptology — CRYPTO ’87 , 2000, Lecture Notes in Computer Science.

[22]  Wenbo Mao Guaranteed Correct Sharing of Integer Factorization with Off-Line Shareholders , 1998, Public Key Cryptography.

[23]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[24]  Marc Girault,et al.  Self-Certified Public Keys , 1991, EUROCRYPT.

[25]  Tatsuaki Okamoto,et al.  A Practical and Provably Secure Scheme for Publicly Verifiable Secret Sharing and Its Applications , 1998, EUROCRYPT.

[26]  Ueli Maurer,et al.  Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[27]  Tatsuaki Okamoto,et al.  Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations , 1997, CRYPTO.