Zero-knowledge sets (ZKS) is a basic cryptographic primitive that can be used to commit to a set S and prove statements such as x∈ S or x∉ S, without revealing anything else on S. Mercurial commitment is a useful tool to construct ZKS. Trapdoor q-mercurial commitment, an extension of normal mercurial commitment, results in more efficient ZKS with much shorter proofs when combining with a q-arity Merkle tree. ID-based trapdoor mercurial commitment is proposed by Chen et al. in 2011 to mainly solve the conflicts between propagation and plagiarism of non-interactive zero-knowledge proofs in ZKS, but it only supports binary Merkle tree. In this paper, we present the first ID-based mercurial functional commitment which provides more efficient ZKS than Chen et al.’s scheme by extending it to vector commitment. Moreover, our mercurial functional commitment supports the functionality of linear functions, where commitment to a message vector (e.g., m= (m1, m2, … , mn) ∈ Dn) can later be de-committed to a linear function ∑i=1nmixi=y∈R of some vector coordinates. It has applications in generalized ZKS which allows us to provide proof of a linear computation on values in a database other than just membership/non-membership statements. Besides, the proposed mercurial functional commitment, as an extension of mercurial vector commitment, is concise (the sizes of the commitments and hard/soft openings are independent of the length of the function description or messages) and achieves both linear-size public keys and constant-size assumptions.
Funding
Secure and dynamic access control over encrypted data in the cloud
Wu, C., Chen, X. & Susilo, W. (2019). Concise ID-based mercurial functional commitments and applications to zero-knowledge sets. International Journal of Information Security, Online First 1-12.