| 摘要: |
| 范围证明也可以称作集合成员关系证明,范围证明的含义即证明某个元素属于给定的范围或者集合内。具有零知识性质的范围证明即证明者向验证者证明某一秘密信息属于一个给定的集合,同时不泄露其他任何信息。具有零知识性质的范围证明可以在实现范围证明功能的同时,尽可能的保护秘密信息和证明者的隐私。范围证明技术在实际生活中有着广泛的应用,如加密货币,匿名电子投票,匿名拍卖等诸多场景。本文提出了一种基于国密算法框架的范围证明方案:验证者对范围内的元素进行签名并连同签名公钥一起发送给证明者,证明者将秘密信息的签名盲化后发送给验证者,再采用三轮sigma协议证明对秘密信息的签名属于上述签名集合内,从而实现范围证明。本文提出的范围证明方案还可以拓展到(0,u^l)范围及其任意子集。本方案具有较小的通信复杂度和计算代价,在实际场景中更加实用。 |
| 关键词: 范围证明 SM2签名算法 零知识证明 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2023.08.40 |
| 投稿时间:2021-08-17修订日期:2021-11-03 |
| 基金项目:(No.61932019、No.61772521和No.61772522);中科院前沿学科重点研究项目(No.QYZDB-SSW-SYS035)资助。 |
|
| Range Proof based on Chinese Cryptographic Algorithm Framework |
|
TAN Taoli, MA Shunli, DENG Yi
|
| (State Key Laboratory of Information Security,Institute of Information Engineering,Chinese Academy of Sciences) |
| Abstract: |
| Range proof can also be called set membership proof. The meaning of range proof is to prove that an element belongs to a given range or set. The range proof with the property of zero knowledge is that the prover proves to the verifier that a secret information belongs to a given set without disclosing any other information. The range proof with zero knowledge property can realize the function of proving range and protect the privacy of secret information and prover as much as possible. Range proof technology has a wide range of applications in real life, such as cryptocurrency, anonymous electronic voting, anonymous auction and many other scenarios. In this paper, we propose a range proof scheme based on the Chinese cryptographic algorithm framework: the verifier signs the elements in the range and sends them to the prover together with the public key of the signature. The prover blinds the signature of the secret information and sends it to the verifier, and then uses the three rounds sigma-protocol to prove that the signature of the secret information belongs to the above signature set, so as to realize the range proof. The range proof scheme proposed in this paper can also be extended to any subset of the range (0,u^l), with less communication complexity and computational cost, it is more practical in practical scenarios. |
| Key words: range proof SM2 signature algorithm zero-knowledge proof |
