Batching Anonymous and Non-Anonymous Membership Proofs for Blockchain Applications

Abstract

Membership proof is a very useful building block for checking if an entity is in a list. This tool is widely used in many scenarios. For instance in blockchain where checking membership of an unspent coin in a huge set is necessary, or in the scenario where certain privacy-preserving property on the list or on the entity is required. When it comes to multi-user applications, the naive way that verifies the membership relations one by one is very inefficient. In this work, we utilize subvector commitment schemes and non-interactive proofs of knowledge of elliptic curve discrete logarithms to present two batched membership proofs for multiple users, i.e., batched non-anonymous membership proofs and batched anonymous membership proofs, which offer plausible anonymity assurance respectively on the organization group list and on the users when combined within the blockchain applications. The non-anonymous membership proof scheme requires a trusted setup, but its proof size is only one bilinear group element and is independent of both the size of list and the number of users. The anonymous membership proof scheme requires no trusted setup, and its proof size is linear in the size of organization group and is independent of the number of users. Their security relies respectively on the CubeDH and the discrete logarithm assumptions. Finally, as a use-case application scenario, we extend Mesh which is a blockchain based supply chain management solution to Mesh+ which supports batched anonymous membership proofs.