Reducing Complexity Assumptions for Statistically-Hiding Commitment
Determining the minimal assumptions needed to construct various cryptographic building blocks has been a focal point of research in theoretical cryptography. Here, we revisit the following question: what are the minimal assumptions needed to construct statistically-hiding commitment schemes? Previously, it was known how to construct such schemes based on one-way permutations. We improve upon this by constructing statistically-hiding commitment schemes based on approximable-preimage-size one-way functions. These are one-way functions for which there is an efficient way to approximate the number of preimages of a given output. A special case (for which we show a somewhat simpler construction) is that of regular one-way functions where all outputs have the same number of preimages.
We utilize two different approaches in constructing statistically-hiding commitment schemes. Our first approach proceeds by showing that the scheme of Naor et al. can be implemented using any one-way function having an output distribution which is “sufficiently similar” to uniform. We then construct one-way functions with this property from approximable-preimage-size one-way functions. Our second approach begins by constructing a commitment scheme which is statistically hiding against an honest-but-curious receiver. We then demonstrate a compiler which transforms any such commitment scheme into one which is statistically hiding even against a malicious receiver. This compiler and its analysis may be of independent interest.
KeywordsFunction Family Output Distribution Commitment Scheme Pseudorandom Generator Minimal Assumption
- 2.Blum, M.: Coin flipping by phone. In: IEEE COMPCOM (1982)Google Scholar
- 8.Damgård, I., Pedersen, T., Pfitzmann, B.: On the existence of statistically-hiding bit commitment and fail-stop signatures. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 250–265. Springer, Heidelberg (1993)Google Scholar
- 14.Goldreich, O., Impagliazzo, R., Levin, L., Venkatesan, R., Zuckerman, D.: Security preserving amplification of hardness. In: FOCS (1990)Google Scholar
- 17.Goldreich, O., Levin, L.A.: Hard-core predicates for any one-way function. In: STOC (1989)Google Scholar
- 19.Halevi, S., Micali, S.: Practical and provably-secure commitment schemes from collision-free hashing. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 201–215. Springer, Heidelberg (1996)Google Scholar
- 21.Impagliazzo, R., Luby, M.: One-way functions are essential for complexity-based cryptography. In: FOCS (1989)Google Scholar
- 22.Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC (1989)Google Scholar
- 26.Naor, M., Yung, M.: Universal one-way hash functions and their cryptographic application. In: STOC (1989)Google Scholar
- 27.Ostrovsky, R., Venkatesan, R., Yung, M.: Secure commitment against a powerful adversary. In: Finkel, A., Jantzen, M. (eds.) STACS 1992. LNCS, vol. 577, Springer, Heidelberg (1992)Google Scholar
- 28.Ostrovsky, R., Venkatesan, R., Yung, M.: Fair games against an all-powerful adversary. DIMACS Series in Discrete Mathematics and Theoretical Computer Science, vol. 13 (1993)Google Scholar
- 29.Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: STOC (1990)Google Scholar
- 31.De Santis, A., Yung, M.: On the design of provably-secure cryptographic hash functions. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 412–431. Springer, Heidelberg (1990)Google Scholar