Mercurial commitments: Minimal assumptions and efficient constructions

Dario Catalano; Yevgeniy Dodis; Ivan Visconti

doi:10.1007/11681878_7

Mercurial commitments

Minimal assumptions and efficient constructions

Dario Catalano, Yevgeniy Dodis, Ivan Visconti

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

Original language	English (US)
Title of host publication	Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings
Pages	120-144
Number of pages	25
Volume	3876 LNCS
DOIs	https://doi.org/10.1007/11681878_7
State	Published - 2006
Event	3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States Duration: Mar 4 2006 → Mar 7 2006

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3876 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	3rd Theory of Cryptography Conference, TCC 2006
Country	United States
City	New York, NY
Period	3/4/06 → 3/7/06

Fingerprint

Hash functions

Flavors

Zero-knowledge

Commitment

Imply

One-way Function

Hash Function

Model

Building Blocks

Strictly

Collision

Strings

ASJC Scopus subject areas

Computer Science(all)
Biochemistry, Genetics and Molecular Biology(all)
Theoretical Computer Science

Cite this

Catalano, D., Dodis, Y., & Visconti, I. (2006). Mercurial commitments: Minimal assumptions and efficient constructions. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings (Vol. 3876 LNCS, pp. 120-144). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS). https://doi.org/10.1007/11681878_7

Mercurial commitments : Minimal assumptions and efficient constructions. / Catalano, Dario; Dodis, Yevgeniy; Visconti, Ivan.

Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. p. 120-144 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Catalano, D, Dodis, Y & Visconti, I 2006, Mercurial commitments: Minimal assumptions and efficient constructions. in Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. vol. 3876 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3876 LNCS, pp. 120-144, 3rd Theory of Cryptography Conference, TCC 2006, New York, NY, United States, 3/4/06. https://doi.org/10.1007/11681878_7

Catalano D, Dodis Y, Visconti I. Mercurial commitments: Minimal assumptions and efficient constructions. In Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS. 2006. p. 120-144. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11681878_7

Catalano, Dario ; Dodis, Yevgeniy ; Visconti, Ivan. / Mercurial commitments : Minimal assumptions and efficient constructions. Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings. Vol. 3876 LNCS 2006. pp. 120-144 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{0161fa21b8634e47bf150bdbdcac39cc,

title = "Mercurial commitments: Minimal assumptions and efficient constructions",

abstract = "(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that {"}if this commitment can be opened at all, then it would open to this message{"}. Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.",

author = "Dario Catalano and Yevgeniy Dodis and Ivan Visconti",

year = "2006",

doi = "10.1007/11681878_7",

language = "English (US)",

isbn = "3540327312",

volume = "3876 LNCS",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "120--144",

booktitle = "Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings",

}

TY - GEN

T1 - Mercurial commitments

T2 - Minimal assumptions and efficient constructions

AU - Catalano, Dario

AU - Dodis, Yevgeniy

AU - Visconti, Ivan

PY - 2006

Y1 - 2006

N2 - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

AB - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

UR - http://www.scopus.com/inward/record.url?scp=33745523137&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745523137&partnerID=8YFLogxK

U2 - 10.1007/11681878_7

DO - 10.1007/11681878_7

M3 - Conference contribution

SN - 3540327312

SN - 9783540327318

VL - 3876 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 120

EP - 144

BT - Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings

ER -

Access to Document

10.1007/11681878_7