On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures

Authors:
Ivan Damgård;Torben P. Pedersen;Birgit Pfitzmann
Affiliations:
-;-;-
Venue:
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
Year:
1993

Citing 9
Cited 1

Privacy amplification by public discussion

SIAM Journal on Computing - Special issue on cryptography
Universal one-way hash functions and their cryptographic applications

STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
The dining cryptographers in the disco: unconditional sender and recipient untraceability with computationally secure serviceability

EUROCRYPT '89 Proceedings of the workshop on the theory and application of cryptographic techniques on Advances in cryptology
A Digital Signature Based on a Conventional Encryption Function

CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
A Design Principle for Hash Functions

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
The MD4 Message Digest Algorithm

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
New Constructions of Fail-Stop Signatures and Lower Bounds (Extended Abstract)

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
How to make efficient fail-stop signatures

EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques

A New \mathcal{NP}-Complete Problem and Public-Key Identification

Designs, Codes and Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

We show that the existence of a statistically hiding bit commitment scheme with non-interactive opening and public verification implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation - the weakest assumption known to be sufficient for fail-stop signatures. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. A similar idea is used to improve a commitment scheme of Naor and Yung, so that one can commit to several bits with amortized O(1) bits of communication per bit committed to.Conversely, we show that any fail-stop signature scheme with a property we call the almost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence since we can modify the construction of fail-stop signatures from bit commitments such that it has this property.