HackMD - Collaborative Markdown Knowledge Base

https://github.com/ZenGo-X/zk-paillier zk-paillier proofs: 1. ciphertext is zero - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/zero_enc_proof.rs - From Damgard Jurik, https://www.brics.dk/RS/00/45/BRICS-RS-00-45.pdf 2. Knowledge of plaintext - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/correct_key_ni.rs - "Efficient Noninteractive Certificationof RSA Moduli and Beyond" https://eprint.iacr.org/2018/057.pdf - "Fast Secure Multiparty ECDSA with PracticalDistributed Key Generation and Applications toCryptocurrency Custody" https://eprint.iacr.org/2018/987.pdf 6.2.3 3. gcd(N,phi(N)) = 1 1. Interactive - https://github.cocm/ZenGo-X/zk-paillier/blob/master/src/zkproofs/correct_key.rs - section 3.1 in [Lindell'17](https://eprint.iacr.org/2017/552) - section 3.3 in [HMRTN'12](https://eprint.iacr.org/2011/494) - section 4.2 in [DJ'01](http://www.brics.dk/RS/00/45/BRICS-RS-00-45.pdf) 2. Non-interactive - https://eprint.iacr.org/2018/057.pdf - for parameters = e = N, m2 = 11, alpha = 6370 see https://eprint.iacr.org/2018/987.pdf 6.2.3 4. Range proof, msg in [0,q] 1. Interactive - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/range_proof.rs - Appendix A in [Lindell'17](https://eprint.iacr.org/2017/552) - Section 1.2.2 in [Boudot '00](https://www.iacr.org/archive/eurocrypt2000/1807/18070437-new.pdf) - Assumes only DCRA 2. Non-interactive - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/range_proof_ni.rs - Same as 3.1, but with Fiat-Shamir. 5. Correct opening - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/correct_opening.rs - This is just checking trivially that ct = ENC(m,r). 6. Correct message - https://github.com/ZenGo-X/zk-paillier/blob/master/src/zkproofs/correct_message.rs - In the case that the message space size is small (a message can be only one of a few possibilities), it is possible to create a "ring" like structure that proves that the encrypted value is a message from the message space without revealing the message. - https://paillier.daylightingsociety.org/Paillier_Zero_Knowledge_Proof.pdf 7. + a few more proofs less relevant