Breaking the Three Round Barrier for Non-malleable Commitments

We construct two-message non-malleable commitments with respect to opening in the standard model, assuming only one-to-one one-way functions. Our protocol consists of two unidirectional messages by the committer (with no message from the receiver), and is secure against all polynomial-time adversaries in the standard synchronous setting. Pass (TCC 2013) proved that any commitment scheme with non-malleability with respect to commitment, using only 2 rounds of communication, cannot be proved secure via a black-box reduction to any "standard" intractability assumption. We extend this by showing a similar impossibility result for commitments with non-malleability with respect to opening, another standard notion of non-malleability for commitments, for any 2-message challenge-response protocol, as well. However, somewhat surprisingly, we show that this barrier breaks down in the setting of two unidirectional messages by the committer (with no message from the receiver), for non-malleability with respect to opening. ° Our protocol makes only black-box use of any non-interactive statistically binding commitment scheme. Such a scheme can be based on any one-to-one one-way function. ° Our techniques depart significantly from the commit-challenge-response structure followed by nearly all prior works on non-malleable protocols in the standard model. Our methods are combinatorial in nature. ° Our protocol resolves the round complexity of commitments with non-malleability with respect to opening via natural (non-embedding) black-box security reductions. We show that completely non-interactive non-malleable commitments w.r.t. opening cannot be proved secure via most natural black-box reductions. This result extends to also rule out bi-directional two-message non-malleable commitments w.r.t. opening in the synchronous or asynchronous setting. ° Our protocol, together with our impossibility result, also resolves the round complexity of block-wise non-malleable codes (Chandran et al) w.r.t. natural black-box reductions.

[1]  Vipul Goyal,et al.  Block-wise Non-Malleable Codes , 2016, IACR Cryptol. ePrint Arch..

[2]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[3]  Rafail Ostrovsky,et al.  Constructing Non-malleable Commitments: A Black-Box Approach , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[4]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.

[5]  Rafael Pass,et al.  Constant-round non-malleable commitments from any one-way function , 2011, STOC '11.

[6]  Rafael Pass,et al.  Unprovable Security of Perfect NIZK and Non-interactive Non-malleable Commitments , 2013, computational complexity.

[7]  Silas Richelson,et al.  Textbook non-malleable commitments , 2016, STOC.

[8]  Hoeteck Wee,et al.  Black-Box, Round-Efficient Secure Computation via Non-malleability Amplification , 2010, 2010 IEEE 51st Annual Symposium on Foundations of Computer Science.

[9]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[10]  Silas Richelson,et al.  An Algebraic Approach to Non-malleability , 2014, 2014 IEEE 55th Annual Symposium on Foundations of Computer Science.

[11]  Vipul Goyal,et al.  Constant round non-malleable protocols using one way functions , 2011, STOC '11.

[12]  Rafael Pass,et al.  New and Improved Constructions of Nonmalleable Cryptographic Protocols , 2008, SIAM J. Comput..

[13]  Marc Fischlin,et al.  Efficient Non-malleable Commitment Schemes , 2000, Journal of Cryptology.

[14]  Boaz Barak,et al.  Constant-round coin-tossing with a man in the middle or realizing the shared random string model , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[15]  Rafael Pass,et al.  New and improved constructions of non-malleable cryptographic protocols , 2005, STOC '05.

[16]  Rafael Pass,et al.  Bounded-concurrent secure multi-party computation with a dishonest majority , 2004, STOC '04.