(Nearly) round-optimal black-box constructions of commitments secure against selective opening attacks
نویسنده
چکیده
Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel (or concurrently) and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the following black-box constructions and black-box lower bounds for commitments secure against selective opening attacks: 1. For parallel composition, 4 (resp. 5) rounds are necessary and sufficient to build computationally (resp. statistically) binding and computationally hiding commitments. Also, there are no perfectly binding commitments. 2. For parallel composition, O(1)-round statistically-hiding commitments are equivalent to O(1)-round statistically-binding commitments. 3. For concurrent composition, ω(logn) rounds are sufficient to build statistically binding commitments and are necessary even to build computationally binding and computationally hiding commitments, up to log logn factors. Our lower bounds improve upon the parameters obtained by the impossibility results of Bellare et al. (EUROCRYPT ’09), and are proved in a fundamentally different way, by observing that essentially all known impossibility results for black-box zero-knowledge can also be applied to the case of commitments secure against selective opening attacks.
منابع مشابه
Errata to (Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks
Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel (or concurrently) and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the follo...
متن کاملOn the round complexity of black-box constructions of commitments secure against selective opening attacks
Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the following black-box con...
متن کامل(Nearly) optimal black-box constructions of commitments secure against selective opening attacks
Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel (or concurrently) and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the follo...
متن کاملRound-Optimal Black-Box Statistically Binding Selective-Opening Secure Commitments
Assuming t-round statistically hiding commitments in the stand-alone model, we build a (t+ 2)-round statistically binding commitment secure against selective opening attacks under parallel composition. In particular, assuming collisionresistant hash functions, we build such commitments in 4 rounds.
متن کاملRevisiting Lower and Upper Bounds for Selective Decommitments
In [DNRS99, DNRS03], Dwork et al. opened the fundamental question of existence of commitment schemes that are secure against selective opening attacks (SOA, for short). In [BHY09] Bellare, Hofheinz, and Yilek, and Hofheinz in [Hof11] solved this problem positively by presenting a scheme which is based on non-black-box use of a one-way permutation and which has superconstant number of rounds. Th...
متن کامل