Open AccessPerfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor
Author(s) -
Ivan Damgård,
Jesper Buus Nielsen
Publication year - 2001
Publication title -
brics report series
Language(s) - English
Resource type - Journals
eISSN - 1601-5355
pISSN - 0909-0878
DOI - 10.7146/brics.v8i41.21701
Subject(s) - commitment scheme , constant (computer programming) , cryptosystem , computer science , commit , mathematical proof , mathematics , scheme (mathematics) , encryption , discrete mathematics , theoretical computer science , cryptography , arithmetic , algorithm , computer security , mathematical analysis , geometry , database , programming language
Canetti and Fischlin have recently proposed the security notion universal composability for commitment schemes and provided two examples. This new notion is very strong. It guarantees that security is maintained even when an unbounded number of copies of the scheme are running concurrently, also it guarantees non-malleability, resilience to selective decommitment, and security against adaptive adversaries. Both of their schemes uses Theta(k) bits to commit to one bit and can be based on the existence of trapdoor commitments and non-malleable encryption. We present new universally composable commitment schemes based on the Paillier cryptosystem and the Okamoto-Uchiyama cryptosystem. The schemes are efficient: to commit to k bits, they use a constant number of modular exponentiations and communicates O(k) bits. Furthermore the scheme can be instantiated in either perfectly hiding or perfectly binding versions. These are the first schemes to show that constant expansion factor, perfect hiding, and perfect binding can be obtained for universally composable commitments. We also show how the schemes can be applied to do efficient zero-knowledge proofs of knowledge that are universally composable.