Highly-Efficient Universally-Composable Commitments Based on the DDH Assumption

  • Yehuda Lindell
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6632)

Abstract

Universal composability (a.k.a. UC security) provides very strong security guarantees for protocols that run in complex real-world environments. In particular, security is guaranteed to hold when the protocol is run concurrently many times with other secure and possibly insecure protocols. Commitment schemes are a basic building block in many cryptographic constructions, and as such universally composable commitments are of great importance in constructing UC-secure protocols. In this paper, we construct highly efficient UC-secure commitments from the standard DDH assumption, in the common reference string model. Our commitment stage is non-interactive, has a common reference string with O(1) group elements, and has complexity of O(1) exponentiations for committing to a group element (to be more exact, the effective cost is that of \(23\frac{1}{3}\) exponentiations overall, for both the commit and decommit stages). We present a construction that is secure in the presence of static adversaries, and a construction that is secure in the presence of adaptive adversaries with erasures, where the latter construction has an effective additional cost of just \(5\frac{1}{3}\) exponentiations.


Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Yehuda Lindell, Department of Computer Science, Bar-Ilan University, Israel