On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures

We show that the existence of a statistically hiding bit commitment scheme with non-interactive opening and public verification implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation - the weakest assumption known to be sufficient for fail-stop signatures. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. A similar idea is used to improve a commitment scheme of Naor and Yung, so that one can commit to several bits with amortized O(1) bits of communication per bit committed to.

Conversely, we show that any fail-stop signature scheme with a property we call the almost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence since we can modify the construction of fail-stop signatures from bit commitments such that it has this property.
