A survey on zero knowledge range proofs and applications

In last years, there has been an increasing effort to leverage distributed ledger technology (DLT), including blockchain. One of the main topics of interest, given its importance, is the research and development of privacy mechanisms, as for example is the case of zero knowledge proofs (ZKP). ZKP is a cryptographic technique that can be used to hide information that is put into the ledger, while still allowing to perform validation of this data. In this work we describe different strategies to construct zero knowledge range proofs (ZKRP), as for example the scheme proposed by Boudot (in: Bart (ed) Advances in cryptology-EUROCRYPT 2000, Springer, Berlin, 2000) in 2001; the one proposed by Camenisch et al. (in: Josef (ed) Advances in cryptology-ASIACRYPT 2008, Springer, Berlin, 2008), and bulletproofs (Bunz et al., in: 2018 IEEE symposium on security and privacy (SP), 2018), proposed in 2017. We also compare these strategies and discuss possible use cases. Since bulletproofs (Bunz et al. 2018) is the most efficient construction, we will give a detailed description of its algorithms and optimizations. Bulletproofs is not only more efficient than previous schemes, but also avoids the trusted setup, which is a requirement that is not desirable in the context of DLT and blockchain. In case of cryptocurrencies, if the setup phase is compromised, it would be possible to generate money out of thin air. Interestingly, bulletproofs can also be used to construct generic ZKP, in the sense that it can be used to prove generic statements, and thus it is not only restricted to ZKRP, but it can be used for any kind of proof of knowledge. Hence Bulletproofs leads to a more powerful tool to provide privacy for DLT. Here we describe in detail the algorithms involved in Bulletproofs protocol for ZKRP. Also, we present our implementation, which was open sourced (Morais et al., in: Zero knowledge range proof implementation, 2018. https://github.com/ing-bank/zkrangeproof).