Feature Request: Proof of Membership

[phayes]

I was wondering if it would be possible to add support for "proof of membership" in addition to the current existing range proof.

Details on implementing a proof-of-membership is here: https://paillier.daylightingsociety.org/Paillier_Zero_Knowledge_Proof.pdf

As an example of why this is useful, consider using Paillier homomorphic addition as part of a voting system where votes are kept anonymous.

Consider an example where we have three candidates. Each voter would encode their vote in the form: 000100000000 to vote for candidate-1, 000000010000 for candidate-2, and 000000000001 for candidate 3. Using Paillier, we could sum all the encrypted votes together and obtain a result, while keeping each individual vote secret. However, without a "proof of membership", a malicious voter might cast a malicious vote 011100000000. A "proof of membership" would allow us to verify a vote is within the set [000100000000, 000000010000, 000000000001] and thwart malicious votes.