Reducing Complexity Assumptions for Statistically-Hiding Commitment

Abstract: We revisit the following question: what are the minimal assumptions needed to construct statistically-hiding commitment schemes? Naor et al. show how to construct such schemes based on any one-way permutation. We improve upon this by showing a construction based on any approximable preimage-size one-way function. These are one-way functions for which it is possible to efficiently approximate the number of pre-images of a given output. A special case is the class of regular one-way functions where all points in the image of the function have the same (known) number of pre-images. We also prove two additional results related to statistically-hiding commitment. First, we prove a (folklore) parallel composition theorem showing, roughly speaking, that the statistical hiding property of any such commitment scheme is amplified exponentially when multiple independent parallel executions of the scheme are carried out. Second, we show a compiler which transforms any commitment scheme which is statistically hiding against an honest-but-curious receiver into one which is statistically hiding even against a malicious receiver.
