Mercurial Commitments with Applications to Zero-Knowledge Sets

Extended Abstract
  • Melissa Chase
  • Alexander Healy
  • Anna Lysyanskaya
  • Tal Malkin
  • Leonid Reyzin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)


We introduce a new flavor of commitment schemes, which we call mercurial commitments. Informally, mercurial commitments are standard commitments that have been extended to allow for soft decommitment. Soft decommitments, on the one hand, are not binding but, on the other hand, cannot be in conflict with true decommitments.

We then demonstrate that a particular instantiation of mercurial commitments has been implicitly used by Micali, Rabin and Kilian to construct zero-knowledge sets. (A zero-knowledge set scheme allows a Prover to (1) commit to a set S in a way that reveals nothing about S and (2) prove to a Verifier, in zero-knowledge, statements of the form xS and xS.) The rather complicated construction of Micali et al. becomes easy to understand when viewed as a more general construction with mercurial commitments as an underlying building block.

By providing mercurial commitments based on various assumptions, we obtain several different new zero-knowledge set constructions.


  1. [BCC88]
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. Journal of Computer and System Sciences 37(2) (1988)Google Scholar
  2. [BDMP91]
    Blum, M., Santis, A.D., Micali, S., Persiano, G.: Non-interactive zero-knowledge. SIAM Journal of Computing 20(6) (1991)Google Scholar
  3. [BY96]
    Bellare, M., Yung, M.: Certifying permutations: non-interactive zero-knowledge based on any trapdoor permutation. J. Cryptology 9(3) (1996)Google Scholar
  4. [Fis01]
    Fischlin, M.: Trapdoor Commitment Schemes and Their Applications. PhD thesis, University of Frankfurt am Main (December 2001)Google Scholar
  5. [FLS99]
    Feige, U., Lapidot, D., Shamir, A.: Multiple noninteractive zero knowledge proofs under general assumptions. SIAM J. Computing 29(1) (1999)Google Scholar
  6. [GM05]
    Gennaro, R., Micali, S.: Independent zero-knowledge sets (2005) (Unpublished manuscript)Google Scholar
  7. [GMR88]
    Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. Computing 17(2) (1988)Google Scholar
  8. [GO92]
    Goldwasser, S., Ostrovsky, R.: Invariant signatures and non-interactive zero-knowledge proofs are equivalent. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 228–245. Springer, Heidelberg (1992)Google Scholar
  9. [HILL99]
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Computing 28(4) (1999)Google Scholar
  10. [LL94]
    Lim, C.H., Lee, P.J.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)Google Scholar
  11. [Lys02]
    Lysyanskaya, A.: Unique signatures and verifiable random functions from the DH-DDH separation. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, p. 597. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. [MRK03]
    Micali, S., Rabin, M., Kilian, J.: Zero-knowledge sets. In: Proc. 44th IEEE Symposium on Foundations of Computer Science, FOCS (2003)Google Scholar
  13. [MRV99]
    Micali, S., Rabin, M., Vadhan, S.: Verifiable random functions. In: Proc. 40th IEEE Symposium on Foundations of Computer Science, FOCS (1999)Google Scholar
  14. [Nao91]
    Naor, M.: Bit commitment using pseudorandomness. Journal of Cryptology 4(2), 51–158 (1991)CrossRefGoogle Scholar
  15. [ORS04]
    Ostrovsky, R., Rackoff, C., Smith, A.: Efficient consistency proof on a committed database. In: Díaz, J., Karhumäki, J., Lepistö, A., Sannella, D. (eds.) ICALP 2004. LNCS, vol. 3142, pp. 1041–1053. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. [Ped92]
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Melissa Chase
    • 1
  • Alexander Healy
    • 2
  • Anna Lysyanskaya
    • 1
  • Tal Malkin
    • 3
  • Leonid Reyzin
    • 4
  1. 1.Brown University 
  2. 2.Harvard University 
  3. 3.Columbia University 
  4. 4.Boston University 

Personalised recommendations