Revisiting Lower and Upper Bounds for Selective Decommitments

In [6,7], Dwork et al. posed the fundamental question of existence of commitment schemes that are secure against selective opening attacks (SOA, for short). In [2] Bellare, Hofheinz, and Yilek, and Hofheinz in [13] answered it affirmatively by presenting a scheme which is based solely on the non-black-box use of a one-way permutation needing a super-constant number of rounds. This result however opened other challenging questions about achieving a better round complexity and obtaining fully black-box schemes using underlying primitives and code of the adversary in a black-box manner. Recently, in TCC 2011, Xiao ([23]) investigated on how to achieve (nearly) optimal SOA-secure commitment schemes where optimality is in the sense of both the round complexity and the black-box use of cryptographic primitives. The work of Xiao focuses on a simulation-based security notion of SOA. Moreover, the various results in [23] focus only on either parallel or concurrent SOA. In this work we first point out various issues in the claims of [23] that actually re-open several of the questions left open in [2,13]. Then, we provide new lower bounds and concrete constructions that produce a very different state-of-the-art compared to the one claimed in [23].

[1]  David Xiao,et al.  Round-Optimal Black-Box Statistically Binding Selective-Opening Secure Commitments , 2012, AFRICACRYPT.

[2]  Dennis Hofheinz,et al.  On definitions of selective opening security , 2012, IACR Cryptol. ePrint Arch..

[3]  Adi Shamir,et al.  Publicly Verifiable Non-Interactive Zero-Knowledge Proofs , 1990, CRYPTO.

[4]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[5]  Tal Malkin,et al.  Simple, Black-Box Constructions of Adaptively Secure Protocols , 2009, TCC.

[6]  Yehuda Lindell,et al.  Bounded-concurrent secure two-party computation without setup assumptions , 2003, STOC '03.

[7]  Ran Canetti,et al.  Black-box concurrent zero-knowledge requires \tilde {Ω} (logn) rounds , 2001, STOC '01.

[8]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires ~Omega(log n) Rounds , 2001, Electron. Colloquium Comput. Complex..

[9]  Dennis Hofheinz Possibility and Impossibility Results for Selective Decommitments , 2010, Journal of Cryptology.

[10]  Moni Naor,et al.  Magic functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[11]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[12]  Moni Naor,et al.  Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998 , 2003, JACM.

[13]  Silvio Micali,et al.  Independent Zero-Knowledge Sets , 2006, ICALP.

[14]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[15]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[16]  Hoeteck Wee,et al.  Black-Box Constructions of Two-Party Protocols from One-Way Functions , 2009, TCC.

[17]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[18]  Brent Waters,et al.  Standard Security Does Not Imply Security against Selective-Opening , 2012, EUROCRYPT.

[19]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[20]  Rafail Ostrovsky,et al.  Constructing Non-malleable Commitments: A Black-Box Approach , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[21]  Ke Yang,et al.  On Simulation-Sound Trapdoor Commitments , 2004, EUROCRYPT.

[22]  David Xiao Liafa On the round complexity of black-box constructions of commitments secure against selective opening attacks , 2012 .

[23]  Moni Naor,et al.  Concurrent zero-knowledge , 2004, JACM.

[24]  Leonid Reyzin,et al.  Zero-knowledge with public keys , 2001 .

[25]  Rafail Ostrovsky,et al.  Simulation-Based Concurrent Non-malleable Commitments and Decommitments , 2009, TCC.

[26]  Ivan Visconti,et al.  On Round-Optimal Zero Knowledge in the Bare Public-Key Model , 2012, EUROCRYPT.

[27]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[28]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.

[29]  Amit Sahai,et al.  Concurrent Zero Knowledge without Complexity Assumptions , 2006, Electron. Colloquium Comput. Complex..

[30]  Manuel Blum,et al.  How to Prove a Theorem So No One Else Can Claim It , 2010 .

[31]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[32]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[33]  David Xiao,et al.  (Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks , 2011, TCC.