Welcome to the resource topic for 2025/1811
Title:
Anchored Merkle Range Proof for Pedersen Commitments
Authors: Leona Hioki
Abstract:We present a simple range-proof mechanism for Pedersen commitments that avoids per-
transaction heavy ZK verification and pairings. The idea is to commit once to a Merkleized
range table of points {(U, aX·G)}X∈{1,…,2n} for a secret a ∈ Zq and a public anchor U = a·B.
At transaction time, a prover shows set membership of the leaf (U, ax · G), proves via a
Chaum–Pedersen DLEQ that logB U = logC C′ where C′ = a · C and C is the Pedersen
commitment, and finally proves (Schnorr) that C′ − (ax·G) lies in the H-direction. These
three checks enforce x to be the in-range value indexed by the Merkle leaf while preserving
privacy. Verification costs a single Merkle proof plus a DLEQ and a Schnorr discrete-log
proof over an elliptic curve group.
ePrint: https://eprint.iacr.org/2025/1811
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .