Improved Non-committing Encryption with Applications to Adaptively Secure Protocols

  • Seung Geol Choi
  • Dana Dachman-Soled
  • Tal Malkin
  • Hoeteck Wee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)


We present a new construction of non-committing encryption schemes. Unlike the previous constructions of Canetti et al. (STOC ’96) and of Damgård and Nielsen (Crypto ’00), our construction achieves all of the following properties:
  • Optimal round complexity. Our encryption scheme is a 2-round protocol, matching the round complexity of Canetti et al. and improving upon that in Damgård and Nielsen.

  • Weaker assumptions. Our construction is based on trapdoor simulatable cryptosystems, a new primitive that we introduce as a relaxation of those used in previous works. We also show how to realize this primitive based on hardness of factoring.

  • Improved efficiency. The amortized complexity of encrypting a single bit is O(1) public key operations on a constant-sized plaintext in the underlying cryptosystem.

As a result, we obtain the first non-committing public-key encryption schemes under hardness of factoring and worst-case lattice assumptions; previously, such schemes were only known under the CDH and RSA assumptions. Combined with existing work on secure multi-party computation, we obtain protocols for multi-party computation secure against a malicious adversary that may adaptively corrupt an arbitrary number of parties under weaker assumptions than were previously known. Specifically, we obtain the first adaptively secure multi-party protocols based on hardness of factoring in both the stand-alone setting and the UC setting with a common reference string.


Keywords: public-key encryption; adaptive corruption; non-committing encryption; secure multi-party computation


  1. [b88]
    Bach, E.: How to generate factored random numbers. SIAM J. Comput. 17(2), 179–193 (1988)
  2. [b97]
    Beaver, D.: Plug and play encryption. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 75–89. Springer, Heidelberg (1997)
  3. [b98]
    Beaver, D.: Adaptively secure oblivious transfer. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 300–314. Springer, Heidelberg (1998)
  4. [bh92]
    Beaver, D., Haber, S.: Cryptographic protocols provably secure against dynamic adversaries. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 307–323. Springer, Heidelberg (1993)
  5. [c00]
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptology 13(1), 143–202 (2000)
  6. [cdsmw09]
    Choi, S.G., Dachman-Soled, D., Malkin, T., Wee, H.: Simple, black-box constructions of adaptively secure protocols. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 387–402. Springer, Heidelberg (2009)
  7. [cfgn96]
    Canetti, R., Feige, U., Goldreich, O., Naor, M.: Adaptively secure multi-party computation. In: STOC, pp. 639–648 (1996). Longer version
  8. [chk05]
    Canetti, R., Halevi, S., Katz, J.: Adaptively-secure, non-interactive public-key encryption. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 150–168. Springer, Heidelberg (2005)
  9. [clos02]
    Canetti, R., Lindell, Y., Ostrovsky, R., Sahai, A.: Universally composable two-party and multi-party secure computation. In: STOC, pp. 494–503 (2002)
  10. [dn00]
    Damgård, I.B., Nielsen, J.B.: Improved non-committing encryption schemes based on a general complexity assumption. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 432–450. Springer, Heidelberg (2000)
  11. [dp92]
    De Santis, A., Persiano, G.: Zero-knowledge proofs of knowledge without interaction. In: FOCS, pp. 427–436 (1992)
  12. [ff02]
    Fischlin, M., Fischlin, R.: The representation problem based on factoring. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 96–113. Springer, Heidelberg (2002)
  13. [g04]
    Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. II. Cambridge University Press, Cambridge (2004)
  14. [gm84]
    Goldwasser, S., Micali, S.: Probabilistic encryption. J. Comput. Syst. Sci. 28(2), 270–299 (1984)
  15. [gm04]
    Granville, A., Martin, G.: Prime number races (2004)
  16. [gpv08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: STOC, pp. 197–206 (2008)
  17. [gwz09]
    Garay, J.A., Wichs, D., Zhou, H.-S.: Somewhat non-committing encryption and efficient adaptively secure oblivious transfer. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 505–523. Springer, Heidelberg (2009)
  18. [h99]
    Halevi, S.: Efficient commitment schemes with bounded sender and unbounded receiver. J. Cryptology 12(2), 77–89 (1999)
  19. [ips08]
    Ishai, Y., Prabhakaran, M., Sahai, A.: Founding cryptography on oblivious transfer – efficiently. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 572–591. Springer, Heidelberg (2008)
  20. [jl00]
    Jarecki, S., Lysyanskaya, A.: Adaptively secure threshold cryptography: Introducing concurrency, removing erasures (Extended abstract). In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 221–242. Springer, Heidelberg (2000)
  21. [k02]
    Kalai, A.: Generating random factored numbers, easily. In: SODA, pp. 412–412 (2002)
  22. [ko04]
    Katz, J., Ostrovsky, R.: Round-optimal secure two-party computation. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 335–354. Springer, Heidelberg (2004)
  23. [pvw08]
    Peikert, C., Vaikuntanathan, V., Waters, B.: A framework for efficient and composable oblivious transfer. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 554–571. Springer, Heidelberg (2008)
  24. [rs94]
    Rubinstein, M., Sarnak, P.: Chebyshev's bias. Experiment. Math. 3(3), 173–197 (1994)
  25. [s96]
    Schnorr, C.-P.: Security of 2^t-root identification and signatures. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 143–157. Springer, Heidelberg (1996)
  26. [y82]
    Yao, A.C.-C.: Theory and applications of trapdoor functions. In: FOCS, pp. 80–91 (1982)

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Seung Geol Choi (1)
  • Dana Dachman-Soled (1)
  • Tal Malkin (1)
  • Hoeteck Wee (2)
  1. Columbia University
  2. Queens College, CUNY
