Additively Homomorphic UC Commitments with Optimal Amortized Overhead

  • Ignacio Cascudo
  • Ivan Damgård
  • Bernardo David
  • Irene Giacomelli
  • Jesper Buus Nielsen
  • Roberto Trifiletti
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9020)


We propose the first UC secure commitment scheme with (amortized) computational complexity linear in the size of the string committed to. After a preprocessing phase based on oblivious transfer, that only needs to be done once and for all, our scheme only requires a pseudorandom generator and a linear code with efficient encoding. We also construct an additively homomorphic version of our basic scheme using VSS. Furthermore we evaluate the concrete efficiency of our schemes and show that the amortized computational overhead is significantly lower than in the previous best constructions. In fact, our basic scheme has amortized concrete efficiency comparable with previous protocols in the Random Oracle Model even though it is constructed in the plain model.


Keywords: Commitment Scheme; Random Oracle Model; Setup Phase; Pseudorandom Generator; Oblivious Transfer
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© International Association for Cryptologic Research 2015

Authors and Affiliations

  • Ignacio Cascudo (1)
  • Ivan Damgård (1)
  • Bernardo David (1)
  • Irene Giacomelli (1)
  • Jesper Buus Nielsen (1)
  • Roberto Trifiletti (1)
  1. Department of Computer Science, Aarhus University, Aarhus, Denmark
