A Straight-Line Extractable Non-malleable Commitment Scheme

Authors:
Seiko Arita
Affiliations:
-
Venue:
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Year:
2007

Citing 9
Cited 0

Non-interactive and non-malleable commitment

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Nonmalleable Cryptography

SIAM Journal on Computing
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
On the Existence of 3-Round Zero-Knowledge Protocols

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Towards Practical Public Key Systems Secure Against Chosen Ciphertext Attacks

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Handling expected polynomial-time strategies in simulation-based security proofs

TCC'05 Proceedings of the Second international conference on Theory of Cryptography
Non-interactive zero-knowledge from homomorphic encryption

TCC'06 Proceedings of the Third conference on Theory of Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Non-malleability is an important security property of commitment schemes. The property means security against the man-in-the-middle attack, and it is defined and proved in the simulation paradigm using the corresponding simulator. Many known non-malleable commitment schemes have the common drawback that their corresponding simulators do not work in a straight-line manner, requires rewinding of the adversary. Due to this fact, such schemes are proved non-malleable only in the stand-alone cases. In the multiple-instances setting, i.e., when the scheme is performed concurrently with many instances of itself, such schemes cannot be proved non-malleable. The paper shows an efficient commitment scheme proven to be non-malleable even in the multiple-instances setting, based on the KEA1 and DDH assumptions. Our scheme has a simulator that works in a straight-line manner by using the KEA1-extractor instead of the rewinding strategy.