Reducing Complexity Assumptions for Statistically-Hiding Commitment

  • Iftach Haitner
  • Omer Horvitz
  • Jonathan Katz
  • Chiu-Yuen Koo
  • Ruggero Morselli
  • Ronen Shaltiel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)


Determining the minimal assumptions needed to construct various cryptographic building blocks has been a focal point of research in theoretical cryptography. Here, we revisit the following question: what are the minimal assumptions needed to construct statistically-hiding commitment schemes? Previously, it was known how to construct such schemes based on one-way permutations. We improve upon this by constructing statistically-hiding commitment schemes based on approximable-preimage-size one-way functions. These are one-way functions for which there is an efficient way to approximate the number of preimages of a given output. A special case (for which we show a somewhat simpler construction) is that of regular one-way functions where all outputs have the same number of preimages.

We utilize two different approaches in constructing statistically-hiding commitment schemes. Our first approach proceeds by showing that the scheme of Naor et al. can be implemented using any one-way function having an output distribution which is “sufficiently similar” to uniform. We then construct one-way functions with this property from approximable-preimage-size one-way functions. Our second approach begins by constructing a commitment scheme which is statistically hiding against an honest-but-curious receiver. We then demonstrate a compiler which transforms any such commitment scheme into one which is statistically hiding even against a malicious receiver. This compiler and its analysis may be of independent interest.


Function Family Output Distribution Commitment Scheme Pseudorandom Generator Minimal Assumption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Bellare, M., Micali, S.: How to sign given any trapdoor permutation. J. ACM 39(1), 214–233 (1992)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Blum, M.: Coin flipping by phone. In: IEEE COMPCOM (1982)Google Scholar
  3. 3.
    Blum, M., Micali, S.: How to generate cryptographically-strong sequences of pseudorandom bits. SIAM J. Computing 13(4), 850–864 (1984)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Blum, M., De Santis, A., Micali, S., Persiano, G.: Non-interactive zero-knowledge. SIAM J. Computing 20(6), 1084–1118 (1991)zbMATHCrossRefGoogle Scholar
  5. 5.
    Boyar, J.F., Kurtz, S.A., Krentel, M.W.: Discrete logarithm implementation of perfect zero-knowledge blobs. Journal of Cryptology 2(2), 63–76 (1990)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Brassard, G., Chaum, D., Crépeau, C.: Minimum disclosure proofs of knowledge. J. Computer and System Sciences 37(2), 156–189 (1988)zbMATHCrossRefGoogle Scholar
  7. 7.
    Carter, J.L., Wegman, M.N.: Universal classes of hash functions. J. Computer and System Sciences 18(2), 143–154 (1979)zbMATHCrossRefMathSciNetGoogle Scholar
  8. 8.
    Damgård, I., Pedersen, T., Pfitzmann, B.: On the existence of statistically-hiding bit commitment and fail-stop signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1993)Google Scholar
  9. 9.
    Feige, U., Lapidot, D., Shamir, A.: Multiple non-interactive zero-knowledge proofs under general assumptions. SIAM J. Computing 29(1), 1–28 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Goldreich, O.: Foundations of Cryptography. Basic Tools, vol. 1. Cambridge University Press, Cambridge (2001)zbMATHCrossRefGoogle Scholar
  11. 11.
    Goldreich, O.: Foundations of Cryptography. Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)zbMATHCrossRefGoogle Scholar
  12. 12.
    Goldreich, O., Goldwasser, S., Micali, S.: On the cryptographic applications of random functions. In: Blakely, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 276–288. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  13. 13.
    Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Goldreich, O., Impagliazzo, R., Levin, L., Venkatesan, R., Zuckerman, D.: Security preserving amplification of hardness. In: FOCS (1990)Google Scholar
  15. 15.
    Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for NP. Journal of Cryptology 9(3), 167–190 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  16. 16.
    Goldreich, O., Krawczyk, H., Luby, M.: On the existence of pseudorandom generators. SIAM J. Computing 22(6), 1163–1175 (1993)zbMATHCrossRefMathSciNetGoogle Scholar
  17. 17.
    Goldreich, O., Levin, L.A.: Hard-core predicates for any one-way function. In: STOC (1989)Google Scholar
  18. 18.
    Goldwasser, S., Micali, S., Rivest, R.L.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM J. on Computing 17(2), 281–308 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  19. 19.
    Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)Google Scholar
  20. 20.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  21. 21.
    Impagliazzo, R., Luby, M.: One-way functions are essential for complexity-based cryptography. In: FOCS (1989)Google Scholar
  22. 22.
    Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC (1989)Google Scholar
  23. 23.
    Lindell, Y.: Parallel coin-tossing and constant-round secure two-party computation. Journal of Cryptology 16(3), 143–184 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  24. 24.
    Naor, M.: Bit commitment using pseudorandomness. Journal of Cryptology 4(2), 151–158 (1991)zbMATHCrossRefGoogle Scholar
  25. 25.
    Naor, M., Ostrovsky, R., Venkatesan, R., Yung, M.: Perfect zero-knowledge arguments for NP using any one-way permutation. J. Crypto. 11(2), 87–108 (1998)zbMATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic application. In: STOC (1989)Google Scholar
  27. 27.
    Ostrovsky, R., Venkatesan, R., Yung, M.: Secure commitment against a powerful adversary. In: Finkel, A., Jantzen, M. (eds.) STACS 1992. LNCS, vol. 577, Springer, Heidelberg (1992)Google Scholar
  28. 28.
    Ostrovsky, R., Venkatesan, R., Yung, M.: Fair games against an all-powerful adversary. DIMACS Series in Discrete Mathematics and Theoretical Computer Science, vol. 13 (1993)Google Scholar
  29. 29.
    Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC (1990)Google Scholar
  30. 30.
    Russel, A.: Necessary and sufficient conditions for collision-free hashing. J. Cryptology 8(2), 87–100 (1995)MathSciNetGoogle Scholar
  31. 31.
    De Santis, A., Yung, M.: On the design of provably-secure cryptographic hash functions. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 412–431. Springer, Heidelberg (1990)Google Scholar
  32. 32.
    Schmidt, J.P., Siegel, A., Srinivasan, A.: Chernoff-Hoeffding bounds for applications with limited independence. SIAM J. Discrete Math. 8(2), 223–250 (1995)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Iftach Haitner
    • 1
  • Omer Horvitz
    • 2
  • Jonathan Katz
    • 2
  • Chiu-Yuen Koo
    • 2
  • Ruggero Morselli
    • 2
  • Ronen Shaltiel
    • 3
  1. 1.Department of Computer ScienceWeizmann Institute of Science 
  2. 2.Department of Computer ScienceUniversity of Maryland 
  3. 3.Department of Computer ScienceUniversity of Haifa 

Personalised recommendations