Non-interactive and reusable non-malleable commitment schemes

We consider non-malleable (NM) and universally composable (UC) commitment schemes in the common reference string (CRS) model. We show how to construct non-interactive NM commitments that remain non-malleable even if the adversary has access to an arbitrary number of commitments from honest players - rather than one, as in several previous schemes. We show this is a strictly stronger security notion. Our construction is the first non-interactive scheme achieving this that can be based on the minimal assumption of existence of one-way functions. But it can also be instantiated in a very efficient version based on the strong RSA assumption. For UC commitments, we show that existence of a UC commitment scheme in the CRS model (interactive or not) implies key exchange and - for a uniform reference string - even implies oblivious transfer. This indicates that UC commitment is a strictly stronger primitive than NM. Finally, we show that our strong RSA based construction can be used to improve the most efficient known UC commitment scheme so it can work with a CRS of size independent of the number of players, without loss of efficiency.

[1]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[2]  Rafail Ostrovsky,et al.  Efficient and Non-interactive Non-malleable Commitment , 2001, EUROCRYPT.

[3]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[4]  Moni Naor,et al.  Nonmalleable Cryptography , 2000, SIAM Rev..

[5]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[6]  Ivan Damgård,et al.  Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor , 2001, CRYPTO.

[7]  C. Pomerance,et al.  Prime Numbers: A Computational Perspective , 2002 .

[8]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[9]  Marc Fischlin,et al.  On the Impossibility of Constructing Non-interactive Statistically-Secret Protocols from Any Trapdoor One-Way Function , 2002, CT-RSA.

[10]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[11]  Boaz Barak,et al.  Constant-round coin-tossing with a man in the middle or realizing the shared random string model , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[12]  Marc Fischlin,et al.  Efficient Non-Malleable Commitment Schemes , 2000, Annual International Cryptology Conference.

[13]  Russell Impagliazzo,et al.  Limits on the provable consequences of one-way permutations , 1988, STOC '89.

[14]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[15]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[16]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..