Journal of Cryptology

, Volume 26, Issue 2, pp 251–279

Mercurial Commitments with Applications to Zero-Knowledge Sets

  • Melissa Chase
  • Alexander Healy
  • Anna Lysyanskaya
  • Tal Malkin
  • Leonid Reyzin
Article

DOI: 10.1007/s00145-012-9122-9

Cite this article as:
Chase, M., Healy, A., Lysyanskaya, A. et al. J Cryptol (2013) 26: 251. doi:10.1007/s00145-012-9122-9

Abstract

We introduce a new flavor of commitment schemes, which we call mercurial commitments. Informally, mercurial commitments are standard commitments that have been extended to allow for soft decommitment. Soft decommitments, on the one hand, are not binding but, on the other hand, cannot be in conflict with true decommitments.

We then demonstrate that a particular instantiation of mercurial commitments has been implicitly used by Micali, Rabin and Kilian to construct zero-knowledge sets. (A zero-knowledge set scheme allows a Prover to (1) commit to a set S in a way that reveals nothing about S and (2) prove to a Verifier, in zero-knowledge, statements of the form xS and xS.) The rather complicated construction of Micali et al. becomes easy to understand when viewed as a more general construction with mercurial commitments as an underlying building block.

By providing mercurial commitments based on various assumptions, we obtain several different new zero-knowledge set constructions.

Key words

CommitmentsZero-knowledge setsDatabase privacyVerifiable queriesOutsourced databases

Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Melissa Chase
    • 1
  • Alexander Healy
    • 2
  • Anna Lysyanskaya
    • 3
  • Tal Malkin
    • 4
  • Leonid Reyzin
    • 5
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.Division of Engineering and Applied SciencesHarvard UniversityCambridgeUSA
  3. 3.Department of Computer ScienceBrown UniversityProvidenceUSA
  4. 4.Department of Computer ScienceColumbia UniversityNew YorkUSA
  5. 5.Department of Computer ScienceBoston UniversityBostonUSA