Additive Combinatorics and Discrete Logarithm Based Range Protocols

• Published in: Information Security and Privacy pp. 336 - 351
• Main Authors: Chaabouni, Rafik, Lipmaa, Helger, Shelat, Abhi
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2010
• Series: Lecture Notes in Computer Science
• Subjects: Additive combinatorics; cryptographic range proof; sumset; zero knowledge
• ISBN: 3642140807; 9783642140808
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-14081-5_21

We show how to express an arbitrary integer interval \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$\mathcal{I} = [0, H]$\end{document} as a sumset \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$\mathcal{I} = \sum_{i=1}^\ell G_i * [0, u - 1] + [0, H']$\end{document} of smaller integer intervals for some small values ℓ, u, and H′ < u − 1, where b * A = {ba : a ∈ A} and \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$A + B = \{a + b : a \in A \land b \in B\}$\end{document}. We show how to derive such expression of \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$\mathcal{I}$\end{document} as a sumset for any value of 1 < u < H, and in particular, how the coefficients Gi can be found by using a nontrivial but efficient algorithm. This result may be interesting by itself in the context of additive combinatorics. Given the sumset-representation of \documentclass[12pt]{minimal} \usepackage{amsmath} \usepackage{wasysym} \usepackage{amsfonts} \usepackage{amssymb} \usepackage{amsbsy} \usepackage{mathrsfs} \usepackage{upgreek} \setlength{\oddsidemargin}{-69pt} \begin{document}$\mathcal{I}$\end{document}, we show how to decrease both the communication complexity and the computational complexity of the recent pairing-based range proof of Camenisch, Chaabouni and shelat from ASIACRYPT 2008 by a factor of 2. Our results are important in applications like e-voting where a voting server has to verify thousands of proofs of e-vote correctness per hour. Therefore, our new result in additive combinatorics has direct relevance in practice.