Perfect Hiding and Perfect Binding Universally Composable Commitment Schemes with Constant Expansion Factor

  • Ivan Damgård
  • Jesper Buus Nielsen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2442)


Canetti and Fischlin have recently proposed the security notion universal composability for commitment schemes and provided two examples. This new notion is very strong. It guarantees that security is maintained even when an unbounded number of copies of the scheme are running concurrently, also it guarantees non-malleability and security against adaptive adversaries. Both proposed schemes use Θ(k) bits to commit to one bit and can be based on the existence of trapdoor commitments and non-malleable encryption.

We present new universally composable commitment (UCC) schemes based on extractable q one-way homomorphisms. These in turn exist based on the Paillier cryptosystem, the Okamoto-Uchiyama cryptosystem, or the DDH assumption. The schemes are efficient: to commit to k bits, they use a constant number of modular exponentiations and communicates O(k) bits. Furthermore the scheme can be instantiated in either perfectly hiding or perfectly binding versions. These are the first schemes to show that constant expansion factor, perfect hiding, and perfect binding can be obtained for universally composable commitments.

We also show how the schemes can be applied to do efficient zeroknowledge proofs of knowledge that are universally composable.


Ideal Functionality Commitment Scheme Message Space Honest Party Probabilistic Polynomial Time 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Can01.
    Ran Canetti. Universally composable security: A new paradigm for cryptographic protocols. In 42th Annual Symposium on Foundations of Computer Science. IEEE, 2001.Google Scholar
  2. CD98.
    Ronald Cramer and Ivan Damgaard. Zero-knowledge proofs for finite field arithmetic, or: Can zero-knowledge be for free. In Hugo Krawczyk, editor, Advances in Cryptology-Crypto’ 98, pages 424–441, Berlin, 1998. Springer-Verlag. Lecture Notes in Computer Science Volume 1462.CrossRefGoogle Scholar
  3. CDS94.
    R. Cramer, I. B. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In Yvo Desmedt, editor, Advances in Cryptology-Crypto’ 94, pages 174–187, Berlin, 1994. Springer-Verlag. Lecture Notes in Computer Science Volume 839.Google Scholar
  4. CF01.
    Ran Canetti and Marc Fischlin. Universally composable commitments. In J. Kilian, editor, Advances in Cryptology — Crypto 2001, pages 19–40, Berlin, 2001. Springer-Verlag. Lecture Notes in Computer Science Volume 2139.Google Scholar
  5. Dam00.
    Ivan Damgård. Efficient concurrent zero-knowledge in the auxiliary string model. In Bart Preneel, editor, Advances in Cryptology — EuroCrypt 2000, pages 418–430, Berlin, 2000. Springer-Verlag. Lecture Notes in Computer Science Volume 1807.CrossRefGoogle Scholar
  6. KMO89.
    Joe Kilian, Silvio Micali, and Rafail Ostrovsky. Minimum resource zeroknowledge proofs (extended abstract). In 30th Annual Symposium on Foundations of Computer Science, pages 474–479, Research Triangle Park, North Carolina, 30 October–1 November 1989. IEEE.Google Scholar
  7. OU98.
    Tatsuaki Okamoto and Shigenori Uchiyama. A new public-key cryptosystem as secure as factoring. In K. Nyberg, editor, Advances in Cryptology — EuroCrypt’ 98, pages 308–318, Berlin, 1998. Springer-Verlag. Lecture Notes in Computer Science Volume 1403.CrossRefGoogle Scholar
  8. Pai99.
    P. Paillier. Public-key cryptosystems based on composite degree residue classes. In Jacques Stern, editor, Advances in Cryptology — EuroCrypt’ 99, pages 223–238, Berlin, 1999. Springer-Verlag. Lecture Notes in Computer Science Volume 1592.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Ivan Damgård
    • 1
  • Jesper Buus Nielsen
    • 1
  1. 1.BRICS Department of Computer ScienceUniversity of AarhusArhus CDenmark

Personalised recommendations