Additively Homomorphic UC Commitments with Optimal Amortized Overhead

We propose the first UC-secure commitment scheme with (amortized) computational complexity linear in the size of the string committed to. After a preprocessing phase based on oblivious transfer, which only needs to be done once and for all, our scheme requires only a pseudorandom generator and a linear code with efficient encoding. We also construct an additively homomorphic version of our basic scheme using VSS. Furthermore, we evaluate the concrete efficiency of our schemes and show that the amortized computational overhead is significantly lower than in the previous best constructions. In fact, our basic scheme has amortized concrete efficiency comparable with previous protocols in the Random Oracle Model, even though it is constructed in the plain model.
