Selected Publications
The CORE Conference Ranking is used for assessing the conference publications.
# denotes the corresponding author.
2024
[PETS24 CORE A] FlashSwift: A Configurable and More Efficient Range Proof With Transparent Setup
Nan Wang#, Dongxi Liu
FlashSwift is a logarithmic-sized zero-knowledge range argument in the discrete logarithm setting without using a trusted setup. By combining techniques from both Flashproofs and SwiftRange, FlashSwift inherits and capitalizes on their efficiency advantages. It sets two new records for the smallest proof sizes, 289 bytes and 417 bytes, for 8-bit and 16-bit ranges among all bit-decomposition-based range proofs that do not require a trusted setup. Moreover, it is the first configurable range proof that is adaptable to various scenarios with different specifications.
[IEEE S&P24 CORE A*] SwiftRange: A Short and Efficient Zero-Knowledge Range Argument For Confidential Transactions and More
The 45th IEEE Symposium on Security & Privacy (IEEE S&P24, Oakland)
Nan Wang#, Sid Chi-Kin Chau, Dongxi Liu
SwiftRange is a logarithmic-sized zero-knowledge range argument in the discrete logarithm setting without using a trusted setup. It is tailored for confidential transactions (CT) on blockchain platforms. It aims to prove that a committed value lies in the range [0, 2^N-1], where N is the bit length of the range size. It achieves twice the verification efficiency of Bulletproofs at a lower communication cost for CT-friendly ranges, where N is 32 or 64.
2022
[ASIACRYPT22 CORE A] Flashproofs: Efficient Zero-knowledge Arguments of Range and Polynomial Evaluation with Transparent Setup
The 28th Annual International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT 2022)
Nan Wang#, Sid Chi-Kin Chau
Flashproofs are efficient zero-knowledge proofs of knowledge in the discrete logarithm setting without using a trusted setup. They feature sub-linear efficiency in both communication and verification:
The zero-knowledge range argument aims to prove that a committed value lies in the range [0, 2^N-1], where N is the bit length of the range size. It achieves O(N^(2/3)) efficiency in both communication and verification. In particular, its high verification efficiency makes it a suitable candidate for smart-contract blockchain platforms: its verification consumes gas costs comparable to those of the most efficient zk-SNARK (Groth16), which relies on a trusted setup.
The zero-knowledge polynomial evaluation argument aims to prove that two committed values satisfy a public polynomial relation. It achieves logarithmic efficiency in both communication and verification and is a crucial building block for zero-knowledge arguments of membership and non-membership, where an argument of membership or non-membership allows one to prove that a committed value belongs or does not belong to a public set of values.
Paper ePrint Code Talk (Please see the ePrint version for the full details)
[IEEE TCC22] Cloud-based Privacy-Preserving Collaborative Consumption in Sharing Economy
IEEE Transactions on Cloud Computing 2022 (IEEE TCC22)
Lingjuan Lyu, Sid Chi-Kin Chau, Nan Wang, Yifeng Zheng
We propose a multi-party computation protocol based on the Paillier threshold cryptosystem. Our protocol enables privacy-preserving collaborative consumption in a semi-honest setting.
2021
[ACM e-Energy21] Privacy-Preserving Energy Storage Sharing with Blockchain (Best Paper Award)
The 12th ACM International Conference on Future Energy Systems (ACM e-Energy 2021)
Nan Wang, Sid Chi-Kin Chau, Yue Zhou
We propose an efficient multi-party computation protocol and a blockchain-based cost-sharing solution to achieve energy storage sharing in a privacy-preserving manner. Our protocol leverages the SPDZ framework to defend against a dishonest majority who arbitrarily deviate from the protocol.
Preprints
Practically Efficient Secure Computation of Rank-based Statistics Over Distributed Datasets
Nan Wang#, Sid Chi-Kin Chau
We propose an efficient multi-party computation protocol to compute rank-based statistics, e.g., median and percentiles, over distributed datasets. Our protocol achieves higher accuracy and stronger security compared with the state of the art. Moreover, we leverage different zero-knowledge proofs to defend against malicious parties that dishonestly deviate from the protocol.