Mercurial Commitments with Applications to Zero-Knowledge Sets
We introduce a new flavor of commitment schemes, which we call mercurial commitments. Informally, mercurial commitments are standard commitments that have been extended to allow for soft decommitment. Soft decommitments, on the one hand, are not binding but, on the other hand, cannot be in conflict with true decommitments.
We then demonstrate that a particular instantiation of mercurial commitments has been implicitly used by Micali, Rabin and Kilian to construct zero-knowledge sets. (A zero-knowledge set scheme allows a Prover to (1) commit to a set S in a way that reveals nothing about S and (2) prove to a Verifier, in zero-knowledge, statements of the form x∈S and x∉S.) The rather complicated construction of Micali et al. becomes easy to understand when viewed as a more general construction with mercurial commitments as an underlying building block.
By providing mercurial commitments based on various assumptions, we obtain several different new zero-knowledge set constructions.
Key words: Commitments, Zero-knowledge sets, Database privacy, Verifiable queries, Outsourced databases
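The hard/soft distinction described in the abstract, sketched in Python as an added example; it is not code from this page or from the paper. It assumes a discrete-log style instantiation over a toy group, and the parameters `P`, `Q`, `G`, `H` and all function names are constructed for illustration.

```python
import secrets

# Toy parameters, constructed for illustration and far too small for real use:
# safe prime P = 2Q + 1; G and H both generate the order-Q subgroup of squares.
# Assumption: the committer does not know log_G(H).
P, Q = 2039, 1019
G, H = 4, 9

def rand_exp():
    """Random nonzero exponent in [1, Q-1]."""
    return secrets.randbelow(Q - 1) + 1

def hard_commit(x):
    """Commit to x in Z_Q. The opening is (r0, r1); the tease value is r0."""
    r0, r1 = rand_exp(), rand_exp()
    c1 = pow(H, r1, P)
    c0 = pow(G, x, P) * pow(c1, r0, P) % P
    return (c0, c1), (r0, r1)

def soft_commit():
    """Commit to no value at all: both components are powers of G."""
    r0, r1 = rand_exp(), rand_exp()
    return (pow(G, r0, P), pow(G, r1, P)), (r0, r1)

def soft_tease(x, state):
    """Soft-decommit a soft commitment to any x the committer chooses."""
    r0, r1 = state
    return (r0 - x) * pow(r1, -1, Q) % Q

def verify_tease(com, x, tau):
    """Soft decommitment check: c0 == G^x * c1^tau."""
    c0, c1 = com
    return c0 == pow(G, x, P) * pow(c1, tau, P) % P

def verify_open(com, x, opening):
    """True decommitment check: c1 must be a known power of H as well."""
    r0, r1 = opening
    return com[1] == pow(H, r1, P) and verify_tease(com, x, r0)

if __name__ == "__main__":
    com, opening = hard_commit(42)
    print("hard opens to 42:", verify_open(com, 42, opening))
    print("hard teases to 43:", verify_tease(com, 43, opening[0]))
    scom, state = soft_commit()
    for x in (7, 99):  # a soft commitment teases to several values
        print("soft teases to", x, ":", verify_tease(scom, x, soft_tease(x, state)))
    print("soft state opens:", verify_open(scom, 7, state))
```

A soft commitment passes the tease check for any value, which is why teasing is not binding, while a hard commitment's honest tease value verifies only for the committed value and so cannot disagree with its true opening.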
- D. Catalano, Y. Dodis, I. Visconti, Mercurial commitments: minimal assumptions and efficient constructions, in Third Theory of Cryptography Conference, TCC 2006, ed. by S. Halevi, T. Rabin. Lecture Notes in Computer Science, vol. 3876 (Springer, Berlin, 2006), pp. 120–144
- M. Fischlin, Trapdoor commitment schemes and their applications. PhD thesis, University of Frankfurt am Main, December 2001
- M. Fischlin, R. Fischlin, The representation problem based on factoring, in RSA Security 2002 Cryptographer’s Track. Lecture Notes in Computer Science, vol. 2271 (Springer, Berlin, 2002)
- R. Gennaro, S. Micali, Independent zero-knowledge sets, in 33rd International Colloquium on Automata, Languages and Programming (ICALP) (2006)
- S. Goldwasser, R. Ostrovsky, Invariant signatures and non-interactive zero-knowledge proofs are equivalent, in Advances in Cryptology—CRYPTO’92, ed. by E.F. Brickell. Lecture Notes in Computer Science, vol. 740 (Springer, Berlin, 1992), pp. 228–244
- C.H. Lim, P.J. Lee, More flexible exponentiation with precomputation, in Advances in Cryptology—CRYPTO’94, 21–25 August, ed. by Y.G. Desmedt. Lecture Notes in Computer Science, vol. 839 (Springer, Berlin, 1994), pp. 95–107
- A. Lysyanskaya, Signature schemes and applications to cryptographic protocol design. PhD thesis, Massachusetts Institute of Technology, Cambridge, Massachusetts, September 2002
- S. Micali, 6.875: Introduction to Cryptography. MIT course taught in Fall 1997
- S. Micali, M. Rabin, S. Vadhan, Verifiable random functions, in Proc. 40th IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 1999), pp. 120–130
- S. Micali, M. Rabin, J. Kilian, Zero-knowledge sets, in Proc. 44th IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 2003), pp. 80–91
- R. Ostrovsky, C. Rackoff, A. Smith, Efficient consistency proof on a committed database, in Automata, Languages and Programming: 31st International Colloquium, ICALP 2004, Turku, Finland, July 12–16, 2004. Lecture Notes in Computer Science, vol. 3142 (Springer, Berlin, 2004), pp. 1041–1053
- T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, in Advances in Cryptology—CRYPTO’91, ed. by J. Feigenbaum. Lecture Notes in Computer Science, vol. 576 (Springer, Berlin, 1992), pp. 129–140
- M. Prabhakaran, R. Xue, Statistically hiding sets. Cryptology ePrint Archive, Report 2007/349, 2007. http://eprint.iacr.org/