Abstract
Non-malleability protects against man-in-the-middle attacks on cryptographic protocols. Non-malleable commitment schemes, for example, ensure that seeing a commitment to a message does not help an adversary to produce a commitment to a related message. Here we present efficient constructions of such commitment schemes in the common reference string model, based on standard assumptions such as RSA, factoring or the discrete logarithm. Our protocols require only three rounds and a few modular exponentiations, and provide statistical or even perfect secrecy of committed values.
We also discuss differences between the notions of non-malleable commitment schemes used in previous works by Dolev, Dwork and Naor and by Di Crescenzo, Ishai and Ostrovsky. The former definition requires that it be infeasible to find a commitment such that there exists an encapsulated message related to another committed value (non-malleability with respect to commitment). The second approach allows the existence of such messages, but requires that it be hard to find them and to output them in the opening phase (non-malleability with respect to opening). We note that our solutions are of the second type.
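The attack that the abstract's definition rules out is easy to see on a concrete, malleable scheme. The following is an added example, not code from the paper: it implements a Pedersen commitment (the scheme of Pedersen, Crypto '91, cited below) over a constructed toy group (p = 23, q = 11, with generators g = 4 and h = 9 standing in for a common reference string), and plays the man-in-the-middle who turns Alice's commitment to m into a commitment to m + delta and, once Alice opens, opens the related value. The function names (`commit`, `verify`, `maul`, `mitm_run`) and the toy parameters are this example's own assumptions.

```python
"""
Added example (not from the paper): a Pedersen commitment and the
man-in-the-middle "mauling" that non-malleable commitment schemes rule out.

Pedersen commitments are perfectly hiding and computationally binding under
the discrete-logarithm assumption, but they are homomorphic: anyone relaying
c = g^m h^r can multiply in g^delta and obtain a commitment to m + delta,
then reuse Alice's opening (m, r) to open it as (m + delta, r).

Group parameters are constructed toy values; a real deployment uses a
prime-order group of cryptographic size and a CRS (g, h) where log_g(h) is
unknown to every party.
"""

import secrets
from typing import Optional

P = 23  # toy safe prime p = 2q + 1 (constructed; far too small for real use)
Q = 11  # prime order of the subgroup of quadratic residues mod p
G = 4   # generator of the order-q subgroup
H = 9   # second subgroup generator fixed by the CRS; log_g(h) is meant to be unknown


def check_params() -> bool:
    """Sanity-check the toy CRS: q prime, p = 2q + 1, g and h non-trivial of order q."""
    q_is_prime = all(Q % d for d in range(2, int(Q ** 0.5) + 1))
    in_subgroup = pow(G, Q, P) == 1 and pow(H, Q, P) == 1
    return P == 2 * Q + 1 and q_is_prime and in_subgroup and G != 1 and H != 1


def commit(m: int, r: Optional[int] = None) -> tuple:
    """Commit phase: c = g^m * h^r mod p for m in Z_q and fresh random r in Z_q."""
    if r is None:
        r = secrets.randbelow(Q)
    c = pow(G, m % Q, P) * pow(H, r % Q, P) % P
    return c, r


def verify(c: int, m: int, r: int) -> bool:
    """Opening phase: the receiver accepts (m, r) iff it recomputes c."""
    return commit(m, r)[0] == c


def maul(c: int, delta: int) -> int:
    """Man-in-the-middle step: from c = Com(m; r) derive Com(m + delta; r)
    without knowing m or r, using the homomorphism g^m h^r * g^delta."""
    return c * pow(G, delta % Q, P) % P


def mitm_run(m: int, delta: int) -> dict:
    """Alice commits to m; Mallory forwards a mauled commitment to Bob;
    Alice opens; Mallory opens the related message with Alice's randomness."""
    c, r = commit(m)                            # Alice -> Mallory
    c_mauled = maul(c, delta)                   # Mallory -> Bob
    related = (m + delta) % Q
    return {
        "honest_open": verify(c, m, r),         # Alice's own opening is fine
        "mauled_open": verify(c_mauled, related, r),  # and so is Mallory's
        "related_msg": related,
        "mauled_is_fresh": c_mauled != c,       # Bob sees a different commitment
    }


if __name__ == "__main__":
    assert check_params()
    print(mitm_run(m=5, delta=1))
```

Two points worth noting against the abstract. First, Mallory never learns m before committing; the related commitment exists and is openable as soon as the honest opening is relayed, which is exactly the situation non-malleability with respect to opening forbids. Second, because the scheme is perfectly hiding, every commitment can in principle be opened to every message (with a suitable r), so a statistically or perfectly hiding scheme can never satisfy non-malleability with respect to commitment; the meaningful yardstick for such schemes, and the one the paper adopts, is with respect to opening.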
References
B. Barak, Constant-round coin-tossing with a man in the middle or realizing the shared random string model, in Proceedings of 43rd IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 2002)
M. Bellare, O. Goldreich, On defining proofs of knowledge, in Advances in Cryptology, Proceedings Crypto ’92. Lecture Notes in Computer Science, vol. 740 (Springer, Berlin, 1993), pp. 390–420
M. Bellare, P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in First ACM Conference on Computer and Communication Security (ACM, New York, 1993), pp. 62–73
M. Bellare, P. Rogaway, Optimal asymmetric encryption, in Advances in Cryptology, Proceedings Eurocrypt ’94. Lecture Notes in Computer Science, vol. 950 (Springer, Berlin, 1995), pp. 92–111
D. Boneh, Finding smooth integers using CRT decoding, in Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 2000)
G. Brassard, D. Chaum, C. Crépeau, Minimum disclosure proofs of knowledge. J. Comput. Syst. Sci. 37(2), 156–189 (1988)
I. Damgård, T. Pedersen, B. Pfitzmann, On the existence of statistically hiding bit commitment schemes and fail-stop signatures, in Advances in Cryptology, Proceedings Crypto ’93. Lecture Notes in Computer Science, vol. 773 (Springer, Berlin, 1994), pp. 250–265
R. Canetti, M. Fischlin, Universally composable commitments, in Advances in Cryptology, Proceedings Crypto 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 19–40
R. Canetti, O. Goldreich, S. Halevi, The random oracle methodology, revisited, in Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 1998), pp. 209–218
R. Canetti, O. Goldreich, S. Goldwasser, S. Micali, Resettable zero-knowledge, in Proceedings of the 32nd Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 2000)
R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two-party and multi-party secure computation, in Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 2002), pp. 494–503
R. Cramer, V. Shoup, Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. (ACM TISSEC) 3(3), 161–185 (2000)
R. Cramer, V. Shoup, Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. Comput. 33(1), 167–226 (2003)
I. Damgård, J. Groth, Non-interactive and reusable non-malleable commitment schemes, in Proceedings of the 35th Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 2003), pp. 426–437
I. Damgård, J. Nielsen, Perfect hiding and perfect binding universally composable commitment schemes with constant expansion factor, in Advances in Cryptology, Crypto 2002. Lecture Notes in Computer Science, vol. 2442 (Springer, Berlin, 2002), pp. 581–596
G. Di Crescenzo, Y. Ishai, R. Ostrovsky, Non-interactive and non-malleable commitment, in Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC) (ACM, New York, 1998), pp. 141–150
G. Di Crescenzo, J. Katz, R. Ostrovsky, A. Smith, Efficient and non-interactive non-malleable commitment, in Advances in Cryptology, Proceedings Eurocrypt 2001. Lecture Notes in Computer Science, vol. 2045 (Springer, Berlin, 2001), pp. 40–59
D. Dolev, C. Dwork, M. Naor, Non-malleable cryptography. SIAM J. Comput. 30(2), 391–437 (2000)
U. Feige, A. Shamir, Zero-knowledge proofs in two rounds, in Advances in Cryptology, Proceedings of Crypto ’89. Lecture Notes in Computer Science, vol. 435 (Springer, Berlin, 1990), pp. 526–544
U. Feige, A. Fiat, A. Shamir, Zero-knowledge proofs of identity. J. Cryptol. 1(2), 77–94 (1988)
A. Fiat, A. Shamir, How to prove yourself: practical solutions to identification and signature schemes, in Advances in Cryptology, Crypto ’86. Lecture Notes in Computer Science, vol. 263 (Springer, Berlin, 1987), pp. 186–194
U. Feige, A. Shamir, Witness indistinguishable and witness hiding protocols, in Proceedings of the 22nd Annual ACM Symposium on the Theory of Computing (STOC) (ACM, New York, 1990), pp. 416–426
M. Fischlin, Completely non-malleable schemes, in ICALP 2005. Lecture Notes in Computer Science, vol. 3580 (Springer, Berlin, 2005), pp. 779–790
M. Fischlin, R. Fischlin, Efficient non-malleable commitment schemes, in Advances in Cryptology, Crypto 2000. Lecture Notes in Computer Science, vol. 1880 (Springer, Berlin, 2000), pp. 414–432
M. Fischlin, R. Fischlin, The representation problem based on factoring, in RSA Cryptographer’s Track 2002. Lecture Notes in Computer Science, vol. 2271 (Springer, Berlin, 2002), pp. 96–113
R. Gennaro, Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks, in Advances in Cryptology, Proceedings Crypto 2004. Lecture Notes in Computer Science, vol. 3152 (Springer, Berlin, 2004), pp. 220–236
O. Goldreich, Foundations of Cryptography, Fragments of a Book, Version 2.03 (1998)
O. Goldreich, Y. Lindell, Session-key generation using human passwords only, in Advances in Cryptology, Proceedings Crypto 2001. Lecture Notes in Computer Science, vol. 2139 (Springer, Berlin, 2001), pp. 408–432
V. Guruswami, A. Sahai, M. Sudan, “Soft-decision” decoding of Chinese remainder codes, in Proceedings of 41st IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 2000)
S. Halevi, S. Micali, Practical and provably-secure commitment schemes from collision-free hashing, in Advances in Cryptology, Proceedings Crypto ’96. Lecture Notes in Computer Science, vol. 1109 (Springer, Berlin, 1996), pp. 201–215
J. Håstad, R. Impagliazzo, L.A. Levin, M. Luby, A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
R. Impagliazzo, M. Luby, One-way functions are essential for complexity based cryptography, in Proceedings of 30th IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 1989), pp. 230–235
D.E. Knuth, Seminumerical Algorithms, 3rd edn. The Art of Computer Programming, vol. 2 (Addison–Wesley, Reading, 1998)
A. Lenstra, E. Verheul, Selecting cryptographic key sizes. J. Cryptol. 14, 255–293 (2001)
M. Liskov, A. Lysyanskaya, S. Micali, L. Reyzin, A. Smith, Mutually independent commitments, in Advances in Cryptology, Asiacrypt 2001. Lecture Notes in Computer Science, vol. 2248 (Springer, Berlin, 2001), pp. 385–401
P. MacKenzie, K. Yang, On simulation-sound trapdoor commitments, in Advances in Cryptology, Proceedings Eurocrypt 2004. Lecture Notes in Computer Science, vol. 3027 (Springer, Berlin, 2004), pp. 382–400
U. Maurer, Fast generation of prime numbers and secure public-key cryptographic parameters. J. Cryptol. 8, 123–155 (1995)
S. Micali, M. Rabin, S. Vadhan, Verifiable random functions, in Proceedings of the 40th IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 1999), pp. 120–130
M. Naor, Bit commitment using pseudo-randomness. J. Cryptol. 4, 151–158 (1991)
M. Naor, M. Yung, Universal one-way hash functions and their cryptographic applications, in Proceedings of the 21st Annual ACM Symposium on the Theory of Computing (STOC) (1989), pp. 33–43
T. Okamoto, Provably secure and practical identification schemes and corresponding signature schemes, in Advances in Cryptology, Proceedings Crypto ’92. Lecture Notes in Computer Science, vol. 740 (Springer, Berlin, 1993), pp. 31–53
R. Pass, A. Rosen, Concurrent non-malleable commitments, in Proceedings of the 46th IEEE Symposium on Foundations of Computer Science (FOCS) (IEEE Computer Society Press, Los Alamitos, 2005), pp. 563–572
T.P. Pedersen, Non-interactive and information-theoretic secure verifiable secret sharing, in Advances in Cryptology, Crypto ’91. Lecture Notes in Computer Science, vol. 576 (Springer, Berlin, 1992), pp. 129–140
M. Prabhakaran, A. Sahai, New notions of security: achieving universal composability without trusted setup, in Proceedings of the Annual ACM Symposium on the Theory of Computing (STOC) (2004), pp. 242–251
M. Sudan, Ideal error-correcting codes: unifying algebraic and number-theoretic algorithms, in Proceedings of the 14th Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes (AAECC-14). Lecture Notes in Computer Science, vol. 2227 (Springer, Berlin, 2001), pp. 36–45
Communicated by Cynthia Dwork
Fischlin, M., Fischlin, R. Efficient Non-malleable Commitment Schemes. J Cryptol 22, 530–571 (2009). https://doi.org/10.1007/s00145-009-9045-2