Part of the book series:Lecture Notes in Computer Science ((LNCS,volume 2139))
Included in the following conference series:
Abstract
We propose a new security measure for commitment protocols, calledUniversally Composable (UC) Commitment. The measure guarantees that commitment protocols behave like an “ideal commitment service,” even when concurrently composed with an arbitrary set of protocols. This is a strong guarantee: it implies that security is maintained even when an unbounded number of copies of the scheme are running concurrently, it implies non-malleability (not only with respect to other copies of the same protocol but even with respect to other protocols), it provides resilience to selective decommitment, and more.
Unfortunately, two-party uc commitment protocols do not exist in the plain model. However, we construct two-party uc commitment protocols, based on general complexity assumptions, in thecommon reference string model where all parties have access to a common string taken from a predetermined distribution. The protocols are non-interactive, in the sense that both the commitment and the opening phases consist of a single message from the committer to the receiver.
Part of this work done while visiting IBM T.J. Watson Research Center.
Chapter PDF
Similar content being viewed by others
References
D. Beaver, “Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority”, J. Cryptology, Springer-Verlag, (1991) 4: 75–122.
D. Beaver, “Adaptive Zero-Knowledge and Computational Equivocation”,28th Symposium on Theory of Computing (STOC), ACM, 1996.
M. Bellare, A. Boldyreva and S. Micali, “Public-Key Encryption in a Multiuser Setting: Security Proofs and Improvements,”Eurocrypt 2000,pp. 259–274,Springer LNCS1807, 2000.
M Bellare, A. Desai, E. Jokipii and P. Rogaway, “A concrete security treatment of symmetric encryption: Analysis of the DES modes of operations,”38th Annual Symp. on Foundations of Computer Science (FOCS), IEEE, 1997.
M. Bellare, A. Desai, D. Pointcheval and P. Rogaway, “Relations among notions of security for public-key encryption schemes”,CRYPTO’ 98, 1998, pp. 26–40.
M. Blum, S. Micali: How to Generate Cryptographically Strong Sequences of Pseudorandom Bits,SIAM Journal on Computation,Vol. 13,pp. 850–864, 1984.
G. Brassard, D. Chaum and C. Crépeau. Minimum Disclosure Proofs of Knowledge.JCSS, Vol. 37, No. 2, pages 156–189, 1988.
R. Canetti, “Security and composition of multi-party cryptographic protocols”,Journal of Cryptology, Vol. 13, No. 1, winter 2000.
R. Canetti, “A unified framework for analyzing security of Protocols”, manuscript, 2000. Available athttp://eprint.iacr.org/2000/067.
R. Canetti and M. Fischlin, “Universally Composable Commitments”. Available athttp://eprint.iacr.org/2001.
R. Cramer and V. Shoup, “A paractical public-key cryptosystem provably secure against adaptive chosen ciphertext attack”,CRYPTO’ 98, 1998.
I. Damgard, On the existence of bit commitment schemes and zero-knowledge proofs, Advances in Cryptology-Crypto’ 89, pp. 17–29, 1989.
I. Damgard. Efficient Concurrent Zero-Knowledge in the Auxiliary String Model.Eurocrypt 00, LNCS, 2000.
G. Di Crescenzo, Y. Ishai and R. Ostrovsky, Non-interactive and non-malleable commitment,30th STOC, 1998, pp. 141–150.
G. Di Crecenzo, J. Katz, R. Ostrovsky and A. Smith. Efficient and Perfectly-Hiding Non-Interactive, Non-Malleable Commitment.Eurocrypt’ 01, 2001.
Y. Dodis and S. Micali, “Secure Computation”,CRYPTO’ 00, 2000.
D. Dolev, C. Dwork and M. Naor, Non-malleable cryptography,SIAM.. J. Computing, Vol. 30, No. 2, 2000, pp. 391–437. Preliminary version in23rd Symposium on Theory of Computing (STOC), ACM, 1991.
C. Dwork, M. Naor, O. Reingold, and L. Stockmeyer. Magic functions. In40th Annual Symposium on Foundations of Computer Science, pages 523–534. IEEE, 1999.
U. Feige and A. Shamir. Witness Indistinguishability and Witness Hiding Protocols. In22nd STOC, pages 416–426, 1990.
M. Fischlin and R. Fischlin, “Efficient non-malleable commitment schemes”,CRYPTO’ 00,LNCS 1880, 2000, pp. 413–428.
Z. Galil, S. Haber and M. Yung, Cryptographic computation: Secure fauttolerant protocols and the public-key model,CRYPTO’ 87,LNCS 293, Springer-Verlag, 1988, pp. 135–155.
O. Goldreich, “Foundations of Cryptography (Fragments of a book)”, Weizmann Inst. of Science, 1995. (Avaliable athttp://philby.ucsd.edu)
O. Goldreich. “Secure Multi-Party Computation”, 1998. (Avaliable athttp://philby.ucsd.edu)
O. Goldreich, S. Micali and A. Wigderson, “Proofs that yield nothing but their validity or All Languages in NP Have Zero-Knowledge Proof Systems”,Journal of the ACM, Vol 38, No. 1, ACM, 1991, pp. 691–729. Preliminary version in27th Symp. on Foundations of Computer Science (FOCS), IEEE, 1986, pp. 174–187.
O. Goldreich, S. Micali and A. Wigderson, “How to Play any Mental Game”,19th Symposium on Theory of Computing (STOC), ACM, 1987, pp. 218–229.
S. Goldwasser, and L. Levin, “Fair Computation of General Functions in Presence of Immoral Majority”,CRYPTO’ 90,LNCS 537, Springer-Verlag, 1990.
S. Goldwasser, S. Micali and C. Rackoff, “The Knowledge Complexity of Interactive Proof Systems”,SIAM Journal on Comput., Vol. 18, No. 1, 1989, pp. 186–208.
S. Goldwasser, S. Micali, R. Rivest: A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks,SIAM Journal on Computing,Vol. 17,No. 2,pp. 281–308, 1988.
Y. Lindell, private communication, 2000.
S. Micali and P. Rogaway, “Secure Computation”, unpublished manuscript, 1992. Preliminary version inCRYPTO’ 91,LNCS 576, Springer-Verlag, 1991.
M. Naor: Bit Commitment Using Pseudo-Randomness,Journal of Cryptology,vol. 4,pp. 151–158, 1991.
M. Naor, R. Ostrovsky, R. Venkatesan, and M. Yung, Perfect zero-knowledge arguments for NP can be based on general complexity assumptions, Advances in Cryptology-Crypto’ 92, pp. 196–214, 1992.
B. Pfitzmann and M. Waidner, “A general framework for formal notions of secure systems”, Hildesheimer Informatik-Berichte 11/94, Universität Hildesheim, 1994. Available athttp://www.semper.org/sirene/lit.
B. Pfitzmann and M. Waidner, “A model for asynchronous reactive systems and its application to secure message transmission”, IEEE Symposium on Security and Privacy, 2001. See also IBM Research Report RZ 3304 (#93350), IBM Research, Zurich, December 2000.
C. Rackoff and D. Simon, “Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack”,CRYPTO’ 91, 1991.
A. Yao, Theory and applications of trapdoor functions, InProc. 23rd Annual Symp. on Foundations of Computer Science (FOCS), pages 80–91. IEEE, 1982.
Author information
Authors and Affiliations
IBM T.J. Watson Research Center, USA
Ran Canetti
Goethe-University of Frankfurt, Germany
Marc Fischlin
- Ran Canetti
You can also search for this author inPubMed Google Scholar
- Marc Fischlin
You can also search for this author inPubMed Google Scholar
Editor information
Editors and Affiliations
Yianilos Labs., 707 State Rd., Rt. 206, Suite 212, Princeton, NJ, 08540, USA
Joe Kilian
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Canetti, R., Fischlin, M. (2001). Universally Composable Commitments. In: Kilian, J. (eds) Advances in Cryptology — CRYPTO 2001. CRYPTO 2001. Lecture Notes in Computer Science, vol 2139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44647-8_2
Download citation
Published:
Publisher Name:Springer, Berlin, Heidelberg
Print ISBN:978-3-540-42456-7
Online ISBN:978-3-540-44647-7
eBook Packages:Springer Book Archive
Share this paper
Anyone you share the following link with will be able to read this content:
Sorry, a shareable link is not currently available for this article.
Provided by the Springer Nature SharedIt content-sharing initiative