Group to Group Commitments Do Not Shrink

  • Masayuki Abe
  • Kristiyan Haralambiev
  • Miyako Ohkubo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7237)


We investigate commitment schemes whose messages, keys, commitments, and decommitments are elements of bilinear groups, and whose openings are verified by pairing product equations. Such commitments facilitate efficient zero-knowledge proofs of knowledge of a correct opening. We show two lower bounds on such schemes: a commitment cannot be shorter than the message, and verifying the opening in a symmetric bilinear group setting requires evaluating at least two independent pairing product equations. We also present optimal constructions that match the lower bounds in symmetric and asymmetric bilinear group settings.


  • Structure-Preserving Commitments
  • Homomorphic Trapdoor Commitments



Copyright information

© International Association for Cryptologic Research 2012

Authors and Affiliations

  • Masayuki Abe (1)
  • Kristiyan Haralambiev (2)
  • Miyako Ohkubo (3)

  1. NTT Information Sharing Platform Laboratories, Japan
  2. New York University, USA
  3. Security Architecture Laboratory, NSRI, NICT, Japan
