Four-Round Concurrent Non-Malleable Commitments from One-Way Functions

How many rounds and which computational assumptions are needed for concurrent nonmalleable commitments? The above question has puzzled researchers for several years. Recently, Pass in [TCC 2013] proved a lower bound of 3 rounds when security is proven through black-box reductions to falsifiable assumptions. On the other side, positive results of Goyal [STOC 2011], Lin and Pass [STOC 2011] and Goyal et al. [FOCS 2012] showed that one-way functions are sufficient with a constant (at least 6) number of rounds. More recently Ciampi et al. [CRYPTO 2016] showed that subexponentially strong one-way permutations are sufficient with just 3 rounds. In this work we almost close the above open question by showing a 4-round concurrent nonmalleable commitment scheme that only needs one-way functions. Our main technique consists in showing how to upgrade basic forms of non-malleability (i.e., non-malleability w.r.t. nonaborting adversaries) to full-fledged non-malleability without penalizing the round complexity.