How to Securely Prolong the Computational Bindingness of Pedersen Commitments

Pedersen commitments are important cryptographic primitives. They allow a prover to commit to a value without revealing any information about it and without being able to change its mind later. Since the first property (hiding) holds unconditionally, Pedersen commitments are an essential primitive for many schemes that provide long-term confidentiality. However, the second property (bindingness) only holds computationally. Hence, in the long run bindingness is lost, making the primitive unsuitable for long-lived systems. In this paper, we describe a protocol that, in a sense, prolongs the bindingness of a given Pedersen commitment. More precisely, we demonstrate how to prove in perfect zero-knowledge that a new Pedersen commitment, generated with a larger security parameter, and a corresponding old commitment both commit to the same value. We stress that this is a non-trivial procedure. Up until now, the only known perfect zero-knowledge proof techniques for proving message equivalence of two commitments work when both commitments use isomorphic message spaces. However, as we show in this work, to prolong the security of Pedersen commitments we cannot tolerate this restriction. Our prolonging technique works for non-isomorphic message spaces, is efficient, can be repeated an arbitrary number of times, maintains unconditional confidentiality, and preserves the format of the Pedersen commitments. This makes the construction presented here an important contribution to long-lived systems. Finally, we illustrate this by discussing how commitments with prolongable bindingness can be used to build archiving solutions that provide not only integrity but also confidentiality in the long term.
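As an added example (not the paper's own construction), the following toy Pedersen commitment over a constructed tiny group shows why bindingness is only computational: once log_g(h) can be brute-forced, which is what an aging security parameter eventually allows, the same commitment can be opened to any value, while hiding is unaffected. The group parameters P, Q, G, H are constructed for illustration only.

```python
"""Toy Pedersen commitment illustrating the loss of bindingness.

Added example, not from the paper. The group is deliberately tiny
(constructed parameters) so the discrete log can be brute-forced,
which is exactly the situation an old, small-parameter commitment
ends up in after enough years of compute growth."""
import secrets

# Constructed toy parameters: p = 2q + 1 is a safe prime and g generates
# the order-q subgroup. Real deployments use parameters of >= 2048 bits.
P, Q, G = 23, 11, 4
H = 9  # equals G**x mod P for an x that nobody is supposed to know

def commit(m: int, r: int) -> int:
    """Pedersen commitment c = g^m * h^r mod p, with m and r taken mod q."""
    return (pow(G, m % Q, P) * pow(H, r % Q, P)) % P

def verify_opening(c: int, m: int, r: int) -> bool:
    """Accept the opening (m, r) iff it recomputes the commitment c."""
    return commit(m, r) == c

def brute_force_dlog(base: int, target: int) -> int:
    """Recover x with base^x = target mod p by exhaustive search.
    Feasible here only because q is tiny; for a real parameter size this
    is the work an adversary gains over the lifetime of the commitment."""
    for x in range(Q):
        if pow(base, x, P) == target:
            return x
    raise ValueError("no discrete log found")

def equivocate(m: int, r: int, m_new: int, trapdoor_x: int) -> int:
    """With x = log_g(h) known, open the SAME commitment to m_new.
    Exponents must agree: m + x*r == m_new + x*r' (mod q), so
    r' = r + (m - m_new) * x^-1 (mod q)."""
    x_inv = pow(trapdoor_x, -1, Q)
    return (r + (m - m_new) * x_inv) % Q

def demo() -> tuple:
    """Commit to 7, then (after solving the DLP) open the same c to 3."""
    m, r = 7, secrets.randbelow(Q)
    c = commit(m, r)
    x = brute_force_dlog(G, H)
    r_new = equivocate(m, r, 3, x)
    return c, verify_opening(c, m, r), verify_opening(c, 3, r_new)
```

The second and third values returned by demo() are both True, which is precisely the failure the paper's re-commitment protocol is designed to pre-empt by moving the value into a fresh commitment with a larger security parameter before the old one becomes equivocable.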
