Range Proof

Bit Commitment

$BC_{b_0}(s,r)=b_0^s b_1^r \bmod N , \quad BC_{b_0}(s,r_1,r_2)=b_0^s b_1^{r_1}b_2^{r_2} \bmod N $

$(N,b_0,b_1,b_2) $ is a set of system parameters given by verifier or trusted third party.

Generate $(N, b_0, b_1, b_2) $

witness indestinguishability refers to a property in cryptographic protocols where an external observer can not distinguish between different valid witnesses for a given statement. In other words, if there are multiple possible witnesses that can be used to prove a statement, a protocol is said to possess indistinguishability if an obesover can not determine which specific witness was used by the prover.

References

Threshold-optimal DSA/ECDSA signatures and an application to Bitcoin wallet security
Statistical Zero Knowledge Protocols to Prove Modular Polynomial Relations
Lindell-2018: Fast Secure Multiparty ECDSA with Practical Distributed Key Generation and Applications to Cryptocurrency Custody
Lindell-2017: Fast Secure Two-Party ECDSA Signing
Cathie Yun: Building on Bulletproofs

Stromata Of Gimmi7

Range Proof

Bit Commitment

Generate $(N, b_0, b_1, b_2) $

Witness indistinguishability

References