Browse Source

Add a brief README

Ian Goldberg 2 years ago
parent
commit
e7dd0c12b9
1 changed files with 22 additions and 0 deletions
  1. 22 0
      README.md

+ 22 - 0
README.md

@@ -0,0 +1,22 @@
+# Log-sized Proof of 1-of-N knowledge of DL
+
+Ian Goldberg (iang@uwaterloo.ca), 2020-04-20
+
+This code implements the protocol of Section 3 of Groth and Kohlweiss,
+["One-out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin"](https://eprint.iacr.org/2014/764.pdf),
+Eurocrypt 2015.
+
+You can look at this protocol in a number of ways:
+
+  * knowledge of an opening of one of N Pedersen commitments to 0
+  * knowledge of one of N discrete logs of group elements
+  * knowledge of one of N private keys
+
+The technique of Section 4 of the above paper uses this same protocol
+to produce a log-sized ring signature: just compute the challenge
+x non-interactively as a hash of the group parameters, a message,
+the ring of public keys, and the output of the prover's first message.
+
+The size of the proof is 4n group elements, plus 3n+1 scalars, where
+n = ceil(log\_2(N)), and N is the number of commitments/group
+elements/public keys.