Witness indistinguishable and witness hiding protocols
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Non-interactive and non-malleable commitment
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Multiple NonInteractive Zero Knowledge Proofs Under General Assumptions
SIAM Journal on Computing
Constant-Round Coin-Tossing with a Man in the Middle or Realizing the Shared Random String Model
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
Efficient and Non-interactive Non-malleable Commitment
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
New and improved constructions of non-malleable cryptographic protocols
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Concurrent Non-Malleable Commitments
FOCS '05 Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science
Concurrent Non-Malleable Zero Knowledge
FOCS '06 Proceedings of the 47th Annual IEEE Symposium on Foundations of Computer Science
Concurrent Nonmalleable Commitments
SIAM Journal on Computing
Proofs that yield nothing but their validity and a methodology of cryptographic protocol design
SFCS '86 Proceedings of the 27th Annual Symposium on Foundations of Computer Science
Constant-Round Concurrent Non-malleable Zero Knowledge in the Bare Public-Key Model
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Constant-Round concurrent non-malleable statistically binding commitments and decommitments
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Constant-Round non-malleable commitments from sub-exponential one-way functions
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Concurrent non-malleable statistically hiding commitment
Information Processing Letters
New constructions of efficient simulation-sound commitments using encryption and their applications
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Concurrent non-malleable witness indistinguishable argument from any one-way function
Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
Revisiting lower and upper bounds for selective decommitments
TCC'13 Proceedings of the 10th theory of cryptography conference on Theory of Cryptography
Hi-index | 0.02 |
In this paper we consider commitment schemes that are secure against concurrent man-in-the-middle (cMiM) attacks. Under such attacks, two possible notions of security for commitment schemes have been proposed in the literature: concurrent non-malleability with respect to commitment and concurrent non-malleability with respect to decommitment (i.e., opening). After the original notion of non-malleability introduced by [Dolev, Dwork and Naor STOC 91] that is based on the independence of the committed messages, a new and stronger simulation-based notion of non-malleability has been proposed with respect to openings or with respect to commitment [1,2,3,4] by requiring that for any man-in-the-middle adversary there is a stand-alone adversary that succeeds with the same probability. When commitment schemes are used as sub-protocols (which is often the case) the simulation-based notion is much more powerful and simplifies the task of proving the security of the larger protocols. The main result of this paper is a commitment scheme that is simulation-based concurrent non-malleable with respect to both commitment and decommitment . This property protects against cMiM attacks mounted during both commitments and decommitments which is a crucial security requirement in several applications, as in some digital auctions, in which players have to perform both commitments and decommitments. Our scheme uses a constant number of rounds of interaction in the plain model and is the first scheme that enjoys all these properties under the simulation-based definitions.