Long-Term Secure Commitments via Extractable-Binding Commitments

  • Ahto Buldas
  • Matthias GeihsEmail author
  • Johannes Buchmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10342)


Cryptographic commitments are either unconditionally hiding or unconditionally binding, but cannot be both. As a consequence, the security of commonly used commitment schemes is threatened in the long-term, when adversaries become computationally much more powerful. We improve over this situation by putting forward a new notion of commitment schemes, so called long-term commitment schemes. These schemes allow for long-term protection because they allow to adjust the protection level after the initial commitment. We also present a construction of a long-term commitment scheme. Unfortunately, it seems impossible to prove the security of such a scheme using the traditional commitment binding definition. Therefore, we put forward a new notion of binding commitments, so called extractable-binding commitments, and use this notion to establish a security proof for our proposed long-term commitment scheme.


Commitment Scheme Security Proof Security Notion Random Coin Initial Commitment 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Arora, S., Barak, B.: Computational Complexity: A Modern Approach. Cambridge University Press, Cambridge (2009)CrossRefzbMATHGoogle Scholar
  2. 2.
    Bayer, D., Haber, S., Stornetta, W.S.: Improving the efficiency and reliability of digital time-stamping. In: Capocelli, R., De Santis, A., Vaccaro, U. (eds.) Sequences II: Methods in Communication, Security, and Computer Science, pp. 329–334. Springer, New York (1993)CrossRefGoogle Scholar
  3. 3.
    Bellare, M., Desai, A., Jokipii, E., Rogaway, P.: A concrete security treatment of symmetric encryption. In: 38th Annual Symposium on Foundations of Computer Science, FOCS 1997, Miami Beach, Florida, 19–22 October 1997, pp. 394–403 (1997)Google Scholar
  4. 4.
    Bellare, M., Rogaway, P.: The exact security of digital signatures - how to sign with RSA and rabin. In: Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, Advances in Cryptology - EUROCRYPT 1996, Saragossa, Spain, 12–16 May 1996, pp. 399–416 (1996)Google Scholar
  5. 5.
    Bitansky, N., Canetti, R., Chiesa, A., Goldwasser, S., Lin, H., Rubinstein, A., Tromer, E.: The hunting of the SNARK. J. Cryptol. 1–78 (2016). doi: 10.1007/s00145-016-9241-9
  6. 6.
    Brassard, G., Crépeau, C., Mayers, D., Salvail, L.: A brief review on the impossibility of quantum bit commitment. arXiv preprint quant-ph/9712023 (1997)Google Scholar
  7. 7.
    Braun, J., Buchmann, J., Demirel, D., Geihs, M., Fujiwara, M., Moriai, S., Sasaki, M., Waseda, A.: LINCOS: A storage system providing long-term integrity, authenticity, and confidentiality. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2017, pp. 461–468. ACM, New York (2017)Google Scholar
  8. 8.
    Buldas, A., Laur, S.: Knowledge-binding commitments with applications in time-stamping. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 150–165. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-71677-8_11 CrossRefGoogle Scholar
  9. 9.
    Canetti, R., Cheung, L., Kaynar, D., Lynch, N., Pereira, O.: Modeling computational security in long-lived systems. In: Breugel, F., Chechik, M. (eds.) CONCUR 2008. LNCS, vol. 5201, pp. 114–130. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-85361-9_12 CrossRefGoogle Scholar
  10. 10.
    Canetti, R., Dakdouk, R.R.: Towards a theory of extractable functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 595–613. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_35 CrossRefGoogle Scholar
  11. 11.
    Canetti, R., Fischlin, M.: Universally composable commitments. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 19–40. Springer, Heidelberg (2001). doi: 10.1007/3-540-44647-8_2 CrossRefGoogle Scholar
  12. 12.
    Crescenzo, G.D.: Equivocable and extractable commitment schemes. In: Cimato, S., Persiano, G., Galdi, C. (eds.) SCN 2002. LNCS, vol. 2576, pp. 74–87. Springer, Heidelberg (2003). doi: 10.1007/3-540-36413-7_6 CrossRefGoogle Scholar
  13. 13.
    Dodis, Y., Ristenpart, T., Shrimpton, T.: Salvaging merkle-damgård for practical applications. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 371–388. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01001-9_22 CrossRefGoogle Scholar
  14. 14.
    Geihs, M., Demirel, D., Buchmann, J.: A security analysis of techniques for long-term integrity protection. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST) (2016)Google Scholar
  15. 15.
    Pass, R., Wee, H.: Black-box constructions of two-party protocols from one-way functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 403–418. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-00457-5_24 CrossRefGoogle Scholar
  16. 16.
    Schwenk, J.: Modelling time for authenticated key exchange protocols. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 277–294. Springer, Cham (2014). doi: 10.1007/978-3-319-11212-1_16 Google Scholar
  17. 17.
    Turing, A.M.: On computable numbers, with an application to the entscheidungsproblem. Proc. London Math. Soc. 2(1), 230–265 (1937)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Unruh, D.: Computationally binding quantum commitments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 497–527. Springer, Heidelberg (2016). doi: 10.1007/978-3-662-49896-5_18 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
  • Matthias Geihs
    • 3
    Email author
  • Johannes Buchmann
    • 3
  1. 1.Tallinn University of TechnologyTallinnEstonia
  2. 2.Cybernetica ASTallinnEstonia
  3. 3.Darmstadt University of TechnologyDarmstadtGermany

Personalised recommendations