On the existence of statistically hiding bit commitment schemes and fail-stop signatures

We show that the existence of a statistically hiding bit commitment scheme with noninteractive opening and public verifiability implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. These are the weakest assumptions known to be sufficient for fail-stop signatures.Conversely, we show that any fail-stop signature scheme with a property we call thealmost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence, because we can modify the construction of fail-stop signatures from bit commitments such that it has this property.

[1]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[2]  Rafail Ostrovsky,et al.  Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract) , 1992, CRYPTO.

[3]  Birgit Pfitzmann,et al.  The Dining Cryptographers in the Disco - Underconditional Sender and Recipient Untraceability with Computationally Secure Serviceability (Abstract) , 1990, EUROCRYPT.

[4]  William Feller,et al.  An Introduction to Probability Theory and Its Applications , 1967 .

[5]  Birgit Pfitzmann,et al.  Digital Signature Schemes , 1996, Lecture Notes in Computer Science.

[6]  Gilles Brassard,et al.  Privacy Amplification by Public Discussion , 1988, SIAM J. Comput..

[7]  John Rompel,et al.  One-way functions are necessary and sufficient for secure signatures , 1990, STOC '90.

[8]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[9]  Birgit Pfitzmann,et al.  Digital Signature Schemes: General Framework and Fail-Stop Signatures , 1996 .

[10]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[11]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[12]  Larry Carter,et al.  Universal Classes of Hash Functions , 1979, J. Comput. Syst. Sci..

[13]  Ivan Damgård,et al.  Statistical Secrecy and Multi-Bit Commitments , 1996 .

[14]  Birgit Pfitzmann,et al.  Sorting out signature schemes , 1993, CCS '93.

[15]  Ivan Damgård,et al.  A Design Principle for Hash Functions , 1989, CRYPTO.

[16]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[17]  Birgit Pfitzmann,et al.  Fail-stop Signatures and their Application , 1991 .

[18]  Ivan Damgård,et al.  Statistical Secrecy and Multibit Commitments , 1998, IEEE Trans. Inf. Theory.

[19]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[20]  Eugène van Heyst,et al.  How to Make Efficient Fail-stop Signatures , 1992, EUROCRYPT.

[21]  Birgit Pfitzmann,et al.  New Constructions of Fail-Stop Signatures and Lower Bounds (Extended Abstract) , 1992, CRYPTO.

[22]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[23]  William Feller,et al.  An Introduction to Probability Theory and Its Applications , 1951 .

[24]  Ivan Damgård,et al.  Collision Free Hash Functions and Public Key Signature Schemes , 1987, EUROCRYPT.

[25]  Moni Naor,et al.  Universal one-way hash functions and their cryptographic applications , 1989, STOC '89.

[26]  Birgit Pfitzmann,et al.  Fail-Stop Signatures , 1997, SIAM J. Comput..

[27]  Bart Preneel,et al.  RIPEMD-160: A Strengthened Version of RIPEMD , 1996, FSE.

[28]  A. D. Wyner,et al.  The wire-tap channel , 1975, The Bell System Technical Journal.

[29]  R. Gallager Information Theory and Reliable Communication , 1968 .