Module zk_paillier::zkproofs
source · Structs
This proof shows that a paillier ciphertext was constructed correctly
Witness Indistinguishable Proof of knowledge of discrete log with composite modulus.
Zero-knowledge proof of co-primality between the encryption modulus and its order.
In the case that the message space size is small (a message can be only one of a few possibilities ),
it is possible to create a “ring” like structure that proves that the
encrypted value is a message from the message space without revealing the message.
reference: https://paillier.daylightingsociety.org/Paillier_Zero_Knowledge_Proof.pdf
This proof is a non-interactive version of Multiplication-mod-n^s protocol taken from
DJ01 [https://www.brics.dk/RS/00/45/BRICS-RS-00-45.pdf ]
This protocol is based on the NIZK protocol in https://eprint.iacr.org/2018/057.pdf
for parameters = e = N, m2 = 11, alpha = 6370 see https://eprint.iacr.org/2018/987.pdf 6.2.3
for full details.
Zero-knowledge range proof that a value x<q/3 lies in interval [0,q].
Zero-knowledge range proof that a value x<q/3 lies in interval [0,q].
A sigma protocol to allow a prover to demonstrate that a ciphertext c_x has been computed using
two other ciphertexts c_cprime, as well as a known value.
The proof allows a prover to prove that a ciphertext is an encryption of zero.
Constants
salt string “kzen” as system parameter, which is hashed to 256 bit
Traits
Verify correct opening of ciphertext.