All-but-k Mercurial Commitments and their Applications †

We introduce and formally define all-but-k mer- curial commitments, a new kind cryptographic commitment that generalizes standard mercurial and non-mercurial (vec- tor) commitments. We provide two concrete constructions for all-but-k mercurial commitments: the first is for committing to unordered lists (i.e., to multisets) and the second is for committing to ordered lists (i.e., to vectors). Both of our constructions build on Kate et al.'s polynomial commitments, leveraging the algebraic structure of polynomials to fine tune the ordinary binding property of mercurial commitments. To facilitate these constructions, we give novel zero-knowledge protocols for 1) proving knowledge of a point on a committed polynomial, 2) arguing knowledge of the committed polyno- mial itself, and 3) arguing that a committed polynomial has degree at most k.

[1]  Mario Di Raimondo,et al.  Zero-Knowledge Sets With Short Proofs , 2008, IEEE Transactions on Information Theory.

[2]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[3]  Tal Malkin,et al.  Mercurial Commitments with Applications to Zero-Knowledge Sets , 2005, Journal of Cryptology.

[4]  Ian Goldberg,et al.  Polynomial Commitments , 2010 .

[5]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[6]  Jan Camenisch,et al.  Efficient Group Signature Schemes for Large Groups (Extended Abstract) , 1997, CRYPTO.

[7]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[8]  Piotr Rudnicki,et al.  Little Bezout Theorem ( Factor Theorem ) 1 , 2004 .

[9]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..

[10]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[11]  Ian Goldberg,et al.  Constant-Size Commitments to Polynomials and Their Applications , 2010, ASIACRYPT.

[12]  Dan Boneh,et al.  Short Signatures Without Random Oracles and the SDH Assumption in Bilinear Groups , 2008, Journal of Cryptology.

[13]  Yi Mu,et al.  Compact E-Cash from Bounded Accumulator , 2007, CT-RSA.

[14]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[15]  Moti Yung,et al.  Concise Mercurial Vector Commitments and Independent Zero-Knowledge Sets with Short Proofs , 2010, TCC.

[16]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[17]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.