How many rounds and which computational assumptions are needed for concurrent nonmalleable commitments? The above question has puzzled researchers for several years. Recently, Pass in [TCC 2013] proved a lower bound of 3 rounds when security is proven through black-box reductions to falsifiable assumptions. On the other side, positive results of Goyal [STOC 2011], Lin and Pass [STOC 2011] and G...

How many rounds and which computational assumptions are needed for concurrent nonmalleable commitments? The above question has puzzled researchers for several years. Recently, Pass in [TCC 2013] proved a lower bound of 3 rounds when security is proven through black-box reductions to falsifiable assumptions. On the other side, positive results of Goyal [STOC 2011], Lin and Pass [STOC 2011] and G...

A zero-knowledge protocol allows a prover to convince a verifier of the correctness of a statement without disclosing any other information to the verifier. It is a basic tool and widely used in many other cryptographic applications. However, when stand-alone zero-knowledge protocols are used in complex environments, e.g., the Internet, the basic properties may not be sufficient. This is why re...

Cryptography algorithm standards play a key role both to the practice of information securityand to cryptography theory research. Among them, the MQV and HMQV protocols ((H)MQV, inshort) are a family of (implicitly authenticated) Diffie-Hellman key-exchange (DHKE) protocols thatare widely standardized and deployed. In this work, from some new perspectives and approaches andunder...

OBJECTIVE To evaluate surgical outcome, complications, and patients satisfaction with the Tube® (Promedon, Cordoba, Argentina) malleable penile prosthesis in diabetic and non-diabetic patients with refractory erectile dysfunction (ED). PATIENTS AND METHODS The records of 128 eligible patients who received Tube malleable penile prostheses at our institute between September 2008 and October 201...

Concurrent non-malleable zero-knowledge (CNMZK) protocols are zero-knowledge protocols that are secure even against adversaries that interact with multiple provers and verifiers simultaneously. Recently, the first statistical CNMZK argument forNP was constructed under the DDH assumption (Orlandi el al., TCC’14). In this paper, we construct a statistical CNMZK argument forNP assuming only the ex...

We give a construction of non-malleable statistically hiding commitments based on the existence of one-way functions. Our construction employs statistically hiding commitment schemes recently proposed by Haitner and Reingold [1], and special-sound WI proofs. Our proof of security relies on the message scheduling technique introduced by Dolev, Dwork and Naor [2], and requires only the use of bla...

In this paper we consider commitment schemes that are secure against concurrent poly-time man-in-the-middle (cMiM) attacks. Under such attacks, two possible notions of security for commitment schemes have been proposed in the literature: concurrent nonmalleability with respect to commitment and concurrent non-malleability with respect to decommitment (i.e., opening). After the original notion o...

We give a new black-box transformation from any semantically secure encryption scheme into a non-malleable one which has a better rate than the best previous work of Coretti et al. (TCC 2016-A). We achieve a better rate by departing from the “matrix encoding” methodology used by previous constructions, and working directly with a single codeword. We also use a Shamir secret-share packing techni...

When commitment schemes are used in complex environments, e.g., the Internet, the issue of malleability appears, i.e., a concurrent man-in-the-middle adversary might generate commitments to values related to ones committed to by honest players. In the plain model, the current best solution towards resolving this problem in a constant number of rounds is the work of Ostrovsky, Persiano and Visco...