All-but-k Mercurial Commitments and their Applications
نویسندگان
چکیده
We introduce and formally define all-but-k mercurial commitments, a new kind cryptographic commitment that generalizes standard mercurial and non-mercurial (vector) commitments. We provide two concrete constructions for all-but-k mercurial commitments: the first is for committing to unordered lists (i.e., to multisets) and the second is for committing to ordered lists (i.e., to vectors). Both of our constructions build on Kate et al.’s polynomial commitments, leveraging the algebraic structure of polynomials to fine tune the ordinary binding property of mercurial commitments. To facilitate these constructions, we give novel zero-knowledge protocols for 1) proving knowledge of a point on a committed polynomial, 2) arguing knowledge of the committed polynomial itself, and 3) arguing that a committed polynomial has degree at most k.
منابع مشابه
Batch Proofs of Partial Knowledge
We present a practical attack on the soundness of Peng and Bao’s ‘batch zero-knowledge proof and verification’ protocol for proving knowledge and equality of one-out-of-n pairs of discrete logarithms. Fixing the protocol seems to require a commitment scheme with a nonstandard, mercurial-esque binding property: the prover commits to just n− 1 values, but later opens the commitment to n values wi...
متن کاملMinimal Assumptions for Efficient Mercurial Commitments
Mercurial commitments were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [27]). Unlike regular commitments, which are strictly binding, mercurial commitments allow for certain amount of (limited) freedom. The notion of [8] also required that mercurial commitments should be equivocable given a certain tra...
متن کاملMercurial Commitments: Minimal Assumptions and Efficient Constructions
(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (noninteractive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: ...
متن کاملUpdatable Zero-Knowledge Databases
Micali, Rabin, and Kilian [9] recently introduced zero-knowledge sets and databases, in which a prover sets up a database by publishing a commitment, and then gives proofs about particular values. While an elegant and useful primitive, zero-knowledge databases do not offer any good way to perform updates. We explore the issue of updating zero-knowledge databases. We define and discuss transpare...
متن کاملUpdatable Zero-Knowledge Databases
Micali, Rabin, and Kilian [9] recently introduced zero-knowledge sets and databases, in which a prover sets up a database by publishing a commitment, and then gives proofs about particular values. While an elegant and useful primitive, zero-knowledge databases do not offer any good way to perform updates. We explore the issue of updating zero-knowledge databases. We define and discuss transpare...
متن کامل