### Abstract

(Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

Original language | English (US) |
---|---|

Title of host publication | Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings |

Pages | 120-144 |

Number of pages | 25 |

Volume | 3876 LNCS |

DOIs | |

State | Published - 2006 |

Event | 3rd Theory of Cryptography Conference, TCC 2006 - New York, NY, United States Duration: Mar 4 2006 → Mar 7 2006 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|

Volume | 3876 LNCS |

ISSN (Print) | 03029743 |

ISSN (Electronic) | 16113349 |

### Other

Other | 3rd Theory of Cryptography Conference, TCC 2006 |
---|---|

Country | United States |

City | New York, NY |

Period | 3/4/06 → 3/7/06 |

### Fingerprint

### ASJC Scopus subject areas

- Computer Science(all)
- Biochemistry, Genetics and Molecular Biology(all)
- Theoretical Computer Science

### Cite this

*Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings*(Vol. 3876 LNCS, pp. 120-144). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3876 LNCS). https://doi.org/10.1007/11681878_7

**Mercurial commitments : Minimal assumptions and efficient constructions.** / Catalano, Dario; Dodis, Yevgeniy; Visconti, Ivan.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings.*vol. 3876 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3876 LNCS, pp. 120-144, 3rd Theory of Cryptography Conference, TCC 2006, New York, NY, United States, 3/4/06. https://doi.org/10.1007/11681878_7

}

TY - GEN

T1 - Mercurial commitments

T2 - Minimal assumptions and efficient constructions

AU - Catalano, Dario

AU - Dodis, Yevgeniy

AU - Visconti, Ivan

PY - 2006

Y1 - 2006

N2 - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

AB - (Non-interactive) Trapdoor Mercurial Commitments (TMCs) were introduced by Chase et al. [8] and form a key building block for constructing zero-knowledge sets (introduced by Micali, Rabin and Kilian [28]). TMCs are quite similar and certainly imply ordinary (non-interactive) trapdoor commitments (TCs). Unlike TCs, however, they allow for some additional freedom in the way the message is opened: informally, by allowing one to claim that "if this commitment can be opened at all, then it would open to this message". Prior to this work, it was not clear if this addition is critical or not, since all the constructions of TMCs presented in [8] and [28] used strictly stronger assumptions than TCs. We give an affirmative answer to this question, by providing simple constructions of TMCs from any trapdoor bit commitment scheme. Moreover, by plugging in various trapdoor bit commitment schemes, we get, in the trusted parameters (TP) model, all the efficient constructions from [28] and [8], as well as several immediate new (either generic or efficient) constructions. In particular, we get a construction of TMCs from any one-way function in the TP model, and, by using a special flavor of TCs, called hybrid TCs [6], even in the (weaker) shared random string (SRS) model. Our results imply that (a) mercurial commitments can be viewed as surprisingly simple variations of trapdoor commitments; and (b) the existence of non-interactive zero-knowledge sets is equivalent to the existence of collision-resistant hash functions. Of independent interest, we also give a stronger and yet much simpler definition of mercurial commitments than that of [8], which is also met by our constructions in the TP model.

UR - http://www.scopus.com/inward/record.url?scp=33745523137&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745523137&partnerID=8YFLogxK

U2 - 10.1007/11681878_7

DO - 10.1007/11681878_7

M3 - Conference contribution

SN - 3540327312

SN - 9783540327318

VL - 3876 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 120

EP - 144

BT - Theory of Cryptography: Third Theory of Cryptography Conference, TCC 2006, Proceedings

ER -