Improved Non-committing Encryption Schemes Based on a General Complexity Assumption
نویسندگان
چکیده
Non-committing encryption enables the construction of multiparty com-putation protocols secure against an adaptive adversary in the computationalsetting where private channels between players are not assumed. While anynon-committing encryption scheme must be secure in the ordinary seman-tic sense, the converse is not necessarily true. We propose a constructionof non-committing encryption that can be based on any public key systemwhich is secure in the ordinary sense and which has an extra property wecall simulatability. The construction contains an earlier proposed scheme byBeaver based on the Diffie-Hellman problem as a special case, and we proposeanother implementation based on RSA. In a more general setting, our con-struction can be based on any collection of trapdoor one-way permutationswith a certain simulatability property. This offers a considerable efficiencyimprovement over the first non-committing encryption scheme proposed byCanetti et al. Finally, at some loss of efficiency, our scheme can be based ongeneral collections of trapdoor one-way permutations without the simulata-bility assumption, and without the common domain assumption of Canetti etal.
منابع مشابه
Improved Non-committing Encryption with Applications to Adaptively Secure Protocols
We present a new construction of non-committing encryption schemes. Unlike the previous constructions of Canetti et al. (STOC ’96) and of Damgård and Nielsen (Crypto ’00), our construction achieves all of the following properties: – Optimal round complexity. Our encryption scheme is a 2-round protocol, matching the round complexity of Canetti et al. and improving upon that in Damgård and Nielse...
متن کاملCommitting Encryption and Publicly-Verifiable SignCryption
Encryption is often conceived as a committing process, in the sense that the ciphertext may serve as a commitment to the plaintext. But this does not follow from the standard definitions of secure encryption. We define and construct symmetric and asymmetric committing encryption schemes, enabling publicly verifiable non-repudiation. Committing encryption eliminates key-spoofing attacks and has ...
متن کاملDesign and formal verification of DZMBE+
In this paper, a new broadcast encryption scheme is presented based on threshold secret sharing and secure multiparty computation. This scheme is maintained to be dynamic in that a broadcaster can broadcast a message to any of the dynamic groups of users in the system and it is also fair in the sense that no cheater is able to gain an unfair advantage over other users. Another important feature...
متن کاملMessage Franking via Committing Authenticated Encryption
We initiate the study of message franking, recently introduced in Facebook’s end-to-end encrypted message system. It targets verifiable reporting of abusive messages to Facebook without compromising security guarantees. We capture the goals of message franking via a new cryptographic primitive: compactly committing authenticated encryption with associated data (AEAD). This is an AEAD scheme for...
متن کاملProgrammability in the Generic Ring and Group Models
The programmability has long been used as a tool to prove security of schemes in the random oracle model (ROM) even in the cases where schemes do not seem to have a security proof in the standard model [3, 8, 10]. On the other hand, it seems that a similar property has never been studied in the generic models, i.e., the generic ring and group models, respectively the GRM and the GGM. This work ...
متن کامل