A Survey on Zero Knowledge Range Proofs and Applications
Pith reviewed 2026-05-24 21:33 UTC · model grok-4.3
The pith
Bulletproofs provides the most efficient zero-knowledge range proof construction that requires no trusted setup.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The paper claims that the 2017 construction known as Bulletproofs yields shorter proofs and faster verification than prior zero-knowledge range proof schemes, requires no trusted setup, and extends naturally to generic proofs of knowledge suitable for distributed ledger applications.
What carries the argument
The Bulletproofs protocol, which reduces range statements to inner-product arguments that achieve logarithmic communication and verification cost without a trusted setup.
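The algebraic core of that reduction, as an added example (not code from the paper or from the authors' implementation): with verifier challenges y and z, the three constraints saying "a_L is the n-bit decomposition of v" collapse into a single inner-product equation, as in the Bulletproofs reference paper. The toy prime field and all function names are assumptions; commitments, blinding and the logarithmic-size inner-product argument itself are left out.

```python
import secrets

# Assumption: a toy prime field (2^61 - 1). Real Bulletproofs works in the
# scalar field of an elliptic-curve group and hides a_L, a_R in commitments.
P = 2**61 - 1

def inner(a, b):
    """Inner product of two vectors over the field."""
    return sum(x * y for x, y in zip(a, b)) % P

def powers(x, n):
    """The vector (1, x, x^2, ..., x^(n-1))."""
    return [pow(x, i, P) for i in range(n)]

def bit_vectors(v, n):
    """Honest witness: a_L = low n little-endian bits of v, a_R = a_L - 1."""
    a_L = [(v >> i) & 1 for i in range(n)]
    a_R = [(b - 1) % P for b in a_L]
    return a_L, a_R

def delta(y, z, n):
    """Public term that depends only on the challenges and n."""
    ones = [1] * n
    return ((z - z * z) * inner(ones, powers(y, n))
            - pow(z, 3, P) * inner(ones, powers(2, n))) % P

def range_relation_holds(a_L, a_R, v, y, z):
    """Single equation <l, r> = z^2 * v + delta(y, z).

    Expanding it shows the two sides differ by
      <a_L o a_R, y^n> + z * <a_L - a_R - 1, y^n> + z^2 * (<a_L, 2^n> - v),
    which is zero for every y, z only if a_L is a bit vector encoding v.
    """
    n = len(a_L)
    y_n, two_n = powers(y, n), powers(2, n)
    left = [(a - z) % P for a in a_L]
    right = [(y_n[i] * (a_R[i] + z) + z * z * two_n[i]) % P for i in range(n)]
    return inner(left, right) == (z * z * v + delta(y, z, n)) % P

def check_value(v, n):
    """Run the check for v against the range [0, 2^n) with fresh challenges."""
    y = 1 + secrets.randbelow(P - 1)
    z = 1 + secrets.randbelow(P - 1)
    a_L, a_R = bit_vectors(v, n)
    return range_relation_holds(a_L, a_R, v, y, z)

if __name__ == "__main__":
    print(check_value(200, 8))  # True: 200 fits in 8 bits
    print(check_value(300, 8))  # False: no 8-bit decomposition sums to 300
```

A witness that is not made of bits, such as a_L = (300, 0, ..., 0), satisfies the sum constraint but fails the equation through the a_L o a_R term.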
If this is right
- Distributed ledger applications can add range proofs for private balances without introducing setup-related forgery risks.
- The same framework supports proofs of statements beyond simple range checks.
- Open-source implementations become feasible because no secret setup parameters need distribution.
- Privacy mechanisms on ledgers gain practicality through reduced computational cost per transaction.
Where Pith is reading between the lines
- Inner-product techniques may apply to other ledger primitives that currently rely on heavier zero-knowledge machinery.
- If the construction scales to larger statements, it could support more expressive private smart contracts.
- The shift toward setup-free protocols may encourage re-examination of older ledger privacy designs that depend on trusted parameters.
Load-bearing premise
The efficiency and security properties stated for the favored construction hold exactly as described in its reference paper.
What would settle it
An independent implementation benchmark in which another range proof scheme produces shorter proofs or faster verification than the favored construction, or a concrete attack that forges a proof under the favored construction's security model.
Original abstract
In recent years, there has been an increasing effort to leverage Distributed Ledger Technology (DLT), including blockchain. One of the main topics of interest, given its importance, is the research and development of privacy mechanisms, as for example is the case of Zero Knowledge Proofs (ZKP). ZKP is a cryptographic technique that can be used to hide information that is put into the ledger, while still allowing validation of this data to be performed. In this work we describe different strategies to construct Zero Knowledge Range Proofs (ZKRP), as for example the scheme proposed by Boudot in 2001, the one proposed in 2008 by Camenisch et al., and Bulletproofs, proposed in 2017. We also compare these strategies and discuss possible use cases. Since Bulletproofs is the most efficient construction, we will give a detailed description of its algorithms and optimizations. Bulletproofs is not only more efficient than previous schemes, but also avoids the trusted setup, which is a requirement that is not desirable in the context of Distributed Ledger Technology (DLT) and blockchain. In the case of cryptocurrencies, if the setup phase is compromised, it would be possible to generate money out of thin air. Interestingly, Bulletproofs can also be used to construct generic Zero Knowledge Proofs (ZKP), in the sense that it can be used to prove generic statements, and thus it is not only restricted to ZKRP, but it can be used for any kind of Proof of Knowledge (PoK). Hence Bulletproofs leads to a more powerful tool to provide privacy for DLT. Here we describe in detail the algorithms involved in the Bulletproofs protocol for ZKRP. Also, we present our implementation, which was open sourced.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. This paper is a survey on zero-knowledge range proofs (ZKRP) and their applications to distributed ledger technology (DLT). It reviews three main constructions: Boudot's scheme from 2001, Camenisch et al.'s scheme from 2008, and Bulletproofs from 2017. The authors compare these schemes, argue that Bulletproofs is the most efficient and does not require a trusted setup (unlike the others), provide a detailed description of Bulletproofs' algorithms, and present their open-sourced implementation. They also discuss how Bulletproofs can be used for generic zero-knowledge proofs in DLT applications.
Significance. If the descriptions and comparisons hold, the survey consolidates information on ZKRP techniques relevant to blockchain privacy. A clear strength is the detailed algorithmic description of Bulletproofs together with the open-sourced implementation, which supports reproducibility and practical adoption. The motivation around avoiding trusted setups in DLT contexts is well-placed.
major comments (1)
- [Comparison section] The assertion that 'Bulletproofs is the most efficient construction' is stated without a quantitative table or reproduced metrics (proof size, prover/verifier time) drawn from the three cited source papers; the comparison remains qualitative and therefore does not independently substantiate the efficiency ranking.
minor comments (2)
- The abstract and introduction repeat the same three advantages of Bulletproofs (efficiency, no trusted setup, generic PoK utility) in nearly identical wording; consolidation would improve readability.
- A summary table listing the three schemes against the dimensions 'trusted setup required', 'proof size', 'verification cost', and 'DLT suitability' is absent; adding one would make the comparison immediately usable.
Simulated Author's Rebuttal
We thank the referee for the detailed review and constructive comment on our survey. We address the major comment point-by-point below.
- Referee: [Comparison section] The assertion that 'Bulletproofs is the most efficient construction' is stated without a quantitative table or reproduced metrics (proof size, prover/verifier time) drawn from the three cited source papers; the comparison remains qualitative and therefore does not independently substantiate the efficiency ranking.
  Authors: We agree that the efficiency comparison in the manuscript is qualitative, relying on the known asymptotic and concrete properties reported in the original works (Boudot 2001, Camenisch et al. 2008, and Bünz et al. 2018 for Bulletproofs) without a consolidated table of concrete metrics. While the survey cites these sources and notes Bulletproofs' advantages in proof size and lack of trusted setup, a side-by-side quantitative summary would strengthen the claim. We will add such a table in the revised version, extracting the relevant figures (proof size in bits, prover/verifier time in group operations or ms) directly from the three source papers for the standard parameter settings used in the survey.
  Revision: yes
Circularity Check
No significant circularity; survey reports external results
The paper is a descriptive survey of prior ZKRP constructions (Boudot 2001, Camenisch 2008, Bulletproofs 2017). All efficiency, security, and setup claims are explicitly attributed to the cited 2017 reference; the authors' contribution is an open-sourced implementation and use-case discussion. No equations, fitted parameters, uniqueness theorems, or ansatzes are introduced or derived within the paper. No step reduces by construction to the paper's own inputs.