Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular

Benarroch, Daniel; Campanelli, Matteo; Fiore, Dario; Gurkan, Kobi; Kolonelos, Dimitris

doi:10.1007/978-3-662-64322-8_19

Cited by 29 publications

(24 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Proving set membership using merkle trees induces the most overhead in our system. RSA accumulators have been shown to be good candidates [6] and may be a good replacement for merkle trees to prove set membership.…”

Section: Discussionmentioning

confidence: 99%

Harpocrates: Privacy-Preserving and Immutable Audit Log for Sensitive Data Operations

Thazhath

Michalak

Hoang

2022

2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)

View full text Add to dashboard Cite

Section: Discussionmentioning

confidence: 99%

Harpocrates: Privacy-Preserving and Immutable Audit Log for Sensitive Data Operations

Thazhath

Michalak

Hoang

2022

2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)

View full text Add to dashboard Cite

“…There is a large body of work on this topic since in [15] the first method was shown that has a large preprocessing cost (linear in 𝑀) but only a unit communication cost for proving membership. Several improvements have been proposed which vary in their assumptions and efficiency, [7] discusses some lines of recent work.…”

Section: Table Lookupmentioning

confidence: 99%

“…(6) Trusted party answers the honest parties: If S instructed the trusted party to continue, then the latter sends their outputs of F to the honest parties. (7) Output: The honest parties always output what the trusted party sent to them. S outputs any arbitrary computable function of the inputs {𝑢 𝑖 } 𝑖 ∈P 𝑐𝑜𝑟 , the auxiliary input 𝑢 * and the messages obtained from the trusted party.…”

Section: B1 Security Definitionsmentioning

confidence: 99%

“…2: for s 𝑌 equal to the bit decomposition of 𝑌 𝜈 , 𝐶 𝐶𝑟𝑑2 (𝜓, 𝜈; ⟨𝑋 0 ⟩, ⟨𝑌 0 ⟩, ⟨𝑋 𝜈 ⟩, ⟨𝑌 𝜈 ⟩, ⟨𝜃 𝜈 ⟩, I, s 𝑌 ) 𝐶 𝐶𝑟𝑑 (𝜈, 2; ⟨𝑋 0 ⟩, ⟨𝑌 0 ⟩, ⟨𝑋 𝜈 ⟩, ⟨𝑌 𝜈 ⟩, ⟨𝜃 𝜈 ⟩, I)𝐶 𝑅𝑎 (𝜓 − 𝐹 𝜈 ; ⟨𝑌 𝜈 ⟩, s 𝑌 ).proves eqs. (2) to (5) and(7).…”

mentioning

confidence: 99%

See 1 more Smart Citation

Private Sampling with Identifiable Cheaters

Sabater

Hahn

Andreas

et al. 2023

PoPETs

View full text Add to dashboard Cite

In this paper we study verifiable sampling from probability distributions in the context of multi-party computation. This has various applications in randomized algorithms performed collaboratively by parties not trusting each other. One example is differentially private machine learning where noise should be drawn, typically from a Laplace or Gaussian distribution, and it is desirable that no party can bias this process. In particular, we propose algorithms to draw random numbers from uniform, Laplace, Gaussian and arbitrary probability distributions, and to verify honest execution of the protocols through zero-knowledge proofs. We propose protocols that result in one party knowing the drawn number and protocols that deliver the drawn random number as a shared secret.

show abstract

“…Several SSI solutions have been implemented with blockchain [3]- [5]. Such SSI blockchain implementations can be further improved adding ZKP layers [4], [5], bearing in mind that different ZKP protocol implementations will have different properties such as their ZKP size, proof size, time duration for creation and verification [13]- [15].…”

Section: State Of the Artmentioning

confidence: 99%

A Self-Sovereign Identity Based on Zero-Knowledge Proof and Blockchain

et al. 2023

View full text Add to dashboard Cite

Systems for generating and managing digital identities are in the process of being transformed to improve data sharing security and increase decentralization. Addressing both issues, a theoretical solution to create and manage Self-Sovereign Identities (SSI) is proposed using two Zero-Knowledge Proof (ZKP) protocols based on the discrete logarithm difficulty. Automorphism group properties are introduced to link several identities, their identifiers and attributes to produce a proof. The proposed SSI protocol does not encounter the problem of reusing the same secret key as in the case of the initial ZKP Schnorr protocol. The designed protocol ensures minimal disclosure of information to a single trusted third party. In addition, it allows zero disclosure of information to service providers requiring proof of authentication or identification. Such a SSI protocol is compliant with Electronic IDentification And Trust Services (eIDAS) as well as General Data Protection Regulation (GDPR) regulations.INDEX TERMS Decentralized Identity (DID), Self-Sovereign Identity (SSI), Zero-Knowledge Proof (ZKP), Higher Education.

show abstract

Zero-Knowledge Proofs for Set Membership: Efficient, Succinct, Modular

Cited by 29 publications

References 31 publications

Harpocrates: Privacy-Preserving and Immutable Audit Log for Sensitive Data Operations

Harpocrates: Privacy-Preserving and Immutable Audit Log for Sensitive Data Operations

Private Sampling with Identifiable Cheaters

A Self-Sovereign Identity Based on Zero-Knowledge Proof and Blockchain

Contact Info

Product

Resources

About