(Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks

Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel (or concurrently) and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the following black-box constructions and black-box lower bounds for commitments secure against selective opening attacks: 1. For parallel composition, 4 (resp. 5) rounds are necessary and sufficient to build computationally (resp. statistically) binding and computationally hiding commitments. Also, there are no perfectly bind-

[1]  Rafael Pass,et al.  On the Composition of Public-Coin Zero-Knowledge Protocols , 2009, CRYPTO.

[2]  Alon Rosen Concurrent Zero-Knowledge - With Additional Background by Oded Goldreich , 2006, Information Security and Cryptography.

[3]  Hoeteck Wee,et al.  Black-Box Constructions of Two-Party Protocols from One-Way Functions , 2009, TCC.

[4]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[5]  Oded Goldreich,et al.  How to construct constant-round zero-knowledge proof systems for NP , 1996, Journal of Cryptology.

[6]  Omer Reingold,et al.  Finding Collisions in Interactive Protocols - A Tight Lower Bound on the Round Complexity of Statistically-Hiding Commitments , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[7]  Moni Naor,et al.  Magic functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[8]  Rafail Ostrovsky,et al.  Non-interactive and non-malleable commitment , 1998, STOC '98.

[9]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds , 2002, SIAM J. Comput..

[10]  Boaz Barak,et al.  How to go beyond the black-box simulation barrier , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[11]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[12]  Moti Yung,et al.  Everything in NP can be Argued in Perfect Zero-Knowledge in a Bounded Number of Rounds , 1989, ICALP.

[13]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[14]  Moni Naor,et al.  Magic Functions: In Memoriam: Bernard M. Dwork 1923--1998 , 2003, JACM.

[15]  Marc Fischlin,et al.  Trapdoor commitment schemes and their applications , 2001 .

[16]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[17]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[18]  Donald Beaver,et al.  Adaptive zero knowledge and computational equivocation (extended abstract) , 1996, STOC '96.

[19]  Gilles Brassard,et al.  Zero-Knowledge Simulation of Boolean Circuits , 1986, CRYPTO.

[20]  Omer Reingold,et al.  Inaccessible entropy , 2009, STOC '09.

[21]  Jonathan Katz Which Languages Have 4-Round Zero-Knowledge Proofs? , 2008, TCC.

[22]  Rafail Ostrovsky,et al.  On Concurrent Zero-Knowledge with Pre-processing , 1999, CRYPTO.

[23]  Mihir Bellare,et al.  Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening , 2009, EUROCRYPT.