On Simulation-Sound Trapdoor Commitments
نویسندگان
چکیده
We study the recently introduced notion of a simulation-sound trapdoor commitment (SSTC) scheme. In this paper, we present a new, simpler deenition for an SSTC scheme that admits more eecient constructions and can be used in a larger set of applications. Speciically, we show how to construct SSTC schemes from any one-way functions, and how to construct very eecient SSTC schemes based on speciic number-theoretic assumptions. We also show how to construct simulation-sound, non-malleable, and universally-composable zero-knowledge protocols using SSTC schemes, yielding, for instance, the most eecient universally-composable zero-knowledge protocols known. Finally, we explore the relation between SSTC schemes and non-malleable commitment schemes by presenting a sequence of implication and separation results, which in particular imply that SSTC schemes are non-malleable.
منابع مشابه
Hybrid commitments and their applications to zero-knowledge proof systems
We introduce the notion of hybrid trapdoor commitment schemes. Intuitively a hybrid trapdoor commitment scheme is a primitive which can be either an unconditionally binding commitment scheme or a trapdoor commitment scheme depending on the distribution of commitment parameters. Moreover, such two possible distributions are computationally indistinguishable. Hybrid trapdoor commitments are relat...
متن کاملTrapdoor commitment schemes and their applications
Look, matey, I know a dead parrot when I see one, and I'm looking at one right now. Preface There are certainly one or two things about cryptography I have learned during my Ph.D. time. One thing I have noticed is that trapdoor commitments are a remarkable catalyst for the design of provably secure cryptographic protocols. Introduction Informally, commitment schemes can be described by lockable...
متن کاملComputational Soundness of Non-Malleable Commitments
This paper aims to find a proper security notion for commitment schemes to give a sound computational interpretation of symbolic commitments. We introduce an indistinguishability based security definition of commitment schemes that is equivalent to non-malleability with respect to commitment. Then, we give a construction using tag-based encryption and one-time signatures that is provably secure...
متن کاملMinimal Assumptions for Efficient Mercurial Commitments
Mercurial commitments were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [27]). Unlike regular commitments, which are strictly binding, mercurial commitments allow for certain amount of (limited) freedom. The notion of [8] also required that mercurial commitments should be equivocable given a certain tra...
متن کاملConstant-Round Concurrently-Secure rZK in the (Real) Bare Public-Key Model
We present constant-round concurrently secure (sound) resettable zero-knowledge (rZK-CS) arguments in the bare public-key (BPK) model. Our constructions deal with general NP ZK-arguments as well as with highly efficient ZK-arguments for number-theoretic languages, most relevant to identification scenarios. These are the first constant-round protocols of this type in the original real BPK model,...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2003 شماره
صفحات -
تاریخ انتشار 2003