Is it possible to construct a zero knowledge proof that one encrypted number is larger (or not) than another encrypted number without releasing the values of either numbers?
Asked
Active
Viewed 1,006 times
2 Answers
4
Yes, it is possible. Actually, any statement in NP can be proven in zero knowledge. This means that if something can be proven by releasing some information, it is possible to prove the same without releasing any information, i.e. in zero knowledge.
abacabadabacaba
- 436
- 1
- 3
- 8
2
An efficient proof of "more or equal" statement about integers committed is possible starting from Lagrange 4-squares theorem as follows:
- use a group of a hidden order (that is, unknown to proving party), like RSA;
- find four integers such that sum of their squares is the difference of original numbers committed;
- commit that four numbers and send all commitments to verifying party;
- prove knowledge of two original numbers and 4 "witness" numbers with a Schnorr-like protocol.
Low probability (like inverse challenge space) of protocol soundness error in a single run is the major difference from general proof for any NP statement.
"Proving knowledge" above holds for a protocol of argument type, on condition that proving party cant find logarithm and cant find order of the group used.
Protocol above is a generalization into proving polynomial identities of degree larger that linear in challenge, doable with Schwartz-Zippel lemma.
Vadym Fedyukovych
- 2,347
- 14
- 19