Mercurial commitments

Minimal assumptions and efficient constructions

Dario Catalano, Yevgeniy Dodis, Ivan Visconti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

Original languageEnglish (US)
Title of host publicationTheory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings
Pages120-144
Number of pages25
Volume3876 LNCS
DOIs
StatePublished - 2006
Event3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States
Duration: Mar 4 2006Mar 7 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3876 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other3rd Theory of Cryptography Conference, TCC 2006
CountryUnited States
CityNew York, NY
Period3/4/063/7/06

Fingerprint

Hash functions
Flavors
Zero-knowledge
Commitment
Imply
One-way Function
Hash Function
Model
Building Blocks
Strictly
Collision
Strings

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Catalano, D., Dodis, Y., & Visconti, I. (2006). Mercurial commitments: Minimal assumptions and efficient constructions. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings (Vol. 3876 LNCS, pp. 120-144). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS). https://doi.org/10.1007/11681878_7

Mercurial commitments : Minimal assumptions and efficient constructions. / Catalano, Dario; Dodis, Yevgeniy; Visconti, Ivan.

Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. p. 120-144 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Catalano, D, Dodis, Y & Visconti, I 2006, Mercurial commitments: Minimal assumptions and efficient constructions. in Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. vol. 3876 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3876 LNCS, pp. 120-144, 3rd Theory of Cryptography Conference, TCC 2006, New York, NY, United States, 3/4/06. https://doi.org/10.1007/11681878_7
Catalano D, Dodis Y, Visconti I. Mercurial commitments: Minimal assumptions and efficient constructions. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS. 2006. p. 120-144. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11681878_7
Catalano, Dario ; Dodis, Yevgeniy ; Visconti, Ivan. / Mercurial commitments : Minimal assumptions and efficient constructions. Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. pp. 120-144 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{0161fa21b8634e47bf150bdbdcac39cc,
title = "Mercurial commitments: Minimal assumptions and efficient constructions",
abstract = "(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that {"}if this commitment can be opened at all, then it would open to this message{"}. Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.",
author = "Dario Catalano and Yevgeniy Dodis and Ivan Visconti",
year = "2006",
doi = "10.1007/11681878_7",
language = "English (US)",
isbn = "3540327312",
volume = "3876 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "120--144",
booktitle = "Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings",

}

TY - GEN

T1 - Mercurial commitments

T2 - Minimal assumptions and efficient constructions

AU - Catalano, Dario

AU - Dodis, Yevgeniy

AU - Visconti, Ivan

PY - 2006

Y1 - 2006

N2 - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

AB - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

UR - http://www.scopus.com/inward/record.url?scp=33745523137&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745523137&partnerID=8YFLogxK

U2 - 10.1007/11681878_7

DO - 10.1007/11681878_7

M3 - Conference contribution

SN - 3540327312

SN - 9783540327318

VL - 3876 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 120

EP - 144

BT - Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings

ER -