International Journal of Information Security

, Volume 9, Issue 1, pp 33–50 | Cite as

Temporarily hidden bit commitment and lottery applications

  • David M. Goldschlag
  • Stuart G. Stubblebine
  • Paul F. Syverson
Regular Contribution


This paper describes various types of commitment functions that maintain a secret for a predictable time delay or until a moderate and predictable amount of computation has occurred. The properties we set out for such functions are based on their usefulness for various applications, such as publicly verifiable lotteries, rather than for cryptologic investigation of the functions. In these lotteries, winners are chosen fairly using only internal information. Since all this information may be published (even before the lottery closes), anyone can do the calculation and therefore verify that the winner was chosen correctly. Since the calculation uses a delaying or similar function, neither ticket purchasers nor the lottery organizer can take advantage of this information. We describe several such lotteries and the security requirements they satisfy, assuming that functions with the properties we state are used.


Timed commitment Predictability Lottery design Public verifiability 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Lomas, M.A., Needham, R.: Strengthening passwords. Technical note 1997-033, SRC, 1997. Published Sept. 4, 1997 (with minor revisions on Dec. 16, 1997) (1997)Google Scholar
  2. 2.
    Bellare, M., Rogoway, P.: Optimal asymmetric encryption. In: Advances in Cryptologoy—CRYPTO ’94, pp. 92–111. Springer-Verlag, LNCS 950 (1995)Google Scholar
  3. 3.
    Boneh, D., Naor, M.: Timed commitments (extended abstract). In: Advances in Cryptology—CRYPTO 2000, pp. 236–254. Springer-Verlag, LNCS 1880 (2000)Google Scholar
  4. 4.
    Dingledine, R., Syverson, P.: Reliable MIX cascade networks through reputation. In: Matt Blaze (ed.) Financial Cryptography: FC 2002, 6th Interntaional Conference, Revised Papers, pp. 253–268. Springer-Verlag, LNCS 2357 (2003)Google Scholar
  5. 5.
    Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. In: 23rd ACM Symposium on the Theory of Computing, pp. 542–552. Full version available from authors (1991)Google Scholar
  6. 6.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Technical Report CS95-20, Weizmann Institute, pp. 139–147. Preliminary version in CRYPTO ’92 (1995)Google Scholar
  7. 7.
    Fouque, P.-A., Poupard, G., Stern, J.: Sharing decryption in the context of voting or lotteries. In: Frankel, Y. (ed.) Financial Cryptography: 4th International Conference, FC 2000, Proceedings, pp. 90–104. Springer-Verlag, LNCS 1962 (2001)Google Scholar
  8. 8.
    Franklin, M.K., Malkhi, D.: Auditable metering with lightweight security. In: Hirschfeld, R. (ed.) Financial Cryptography: FC ‘97, Proceedings, pp. 151–160. Springer-Verlag, LNCS 1318 (1998)Google Scholar
  9. 9.
    Garay, J.A., Jakobsson, M.: Timed release of standard digital signatures (extended abstract). In: Blaze, M. (ed.) Financial Cryptography: FC 2002, 6th International Conference, Revised Papers, pp. 168–182. Springer-Verlag, LNCS 2357 (2003)Google Scholar
  10. 10.
    Goldschlag, D.M., Stubblebine, S.G.: Publicly verifiable lotteries: applications of delaying functions. In: Hirschfeld, R. (ed.) Financial Cryptography: FC ’98, Proceedings, pp. 214–226. Springer-Verlag, LNCS 1465 (1998)Google Scholar
  11. 11.
    Kelsey, J., Schneier, B., Hall, C., Wagner, D.: Secure applications of low-entropy keys. In: Information Security Workshop (ISW‘97), Ishikawa Japan, September (1997)Google Scholar
  12. 12.
    Krawczyk, H., Rabin, T.: Chameleon hashing and signatures. In: Proceedings of NDSS 2000, pp. 143–154 (2000)Google Scholar
  13. 13.
    Manber U.: A simple scheme to make passwords based on one-way functions much harder to crack. Comput. Secur. 15(2), 171–176 (1996)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Menezes A., van Oorschot P., Vanstone S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  15. 15.
    Ralph M.: Secure communications over insecure channels. Commun ACM 21(4), 284–299 (1978) AprilMathSciNetGoogle Scholar
  16. 16.
    Rivest, R.L.: Electronic lottery tickets as micropayments. In: Hirschfeld, R. (ed.) Financial Cryptography: FC ‘97, Proceedings, pp. 307–314. Springer-Verlag, LNCS 1318 (1998)Google Scholar
  17. 17.
    Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical Memo MIT/LCS/TR-684, MIT LCS, February (1996)Google Scholar
  18. 18.
    Roman S.: Coding and Information Theory, volume 134 of Graduate Texts in Mathematics. Springer, New York (1992)Google Scholar
  19. 19.
    Schneier B.: Applied Cryptography, Second Edition: Protocols, Algorithms and Source Code in C. Wiley, New York (1996)Google Scholar
  20. 20.
    Stubblebine, S., Syverson, P.: Authentic attributes with fine-grained anonymity protection. In: Frankel, Y. (ed.) Financial Cryptography: 4th International Conference, FC 2000, Proceedings, pp. 276–294. Springer-Verlag, LNCS 1962 (2001)Google Scholar
  21. 21.
    Syverson, P.: Weakly secret bit commitment: applications to lotteries and fair exchange. In: 1998 Computer Security Foundations Workshop (CSFW11), Proceedings, pp. 2–13, Rockport Massachusetts, June (1998)Google Scholar
  22. 22.
    Webster, A.F., Tavares, S.E.: On the design of s-boxes. In: Advances in Cryptology—CRYPTO ’85, pp. 523–534. Springer-Verlag, LNCS 218 (1986)Google Scholar
  23. 23.
    Wheeler, D.: Transactions using bets. In: Lomas, M. (ed.) Security Protocols: 4th International Workshop, pp. 89–92 (1996)Google Scholar

Copyright information

© Springer-Verlag 2009

Authors and Affiliations

  • David M. Goldschlag
    • 1
  • Stuart G. Stubblebine
    • 2
  • Paul F. Syverson
    • 3
  1. 1.Trust Digital, Inc.McLeanUSA
  2. 2.Stubblebine ConsultingLLCMadisonUSA
  3. 3.Center for High Assurance Computer SystemsNaval Research LaboratoryWashingtonUSA

Personalised recommendations