Non-malleable Instance-Dependent Commitment in the Standard Model
An instance-dependent commitment (IDC) scheme takes an instance of a promise problem as public input each time a commitment is made, and achieves statistical hiding or statistical binding depending on which subset of the promise the instance belongs to. In this paper, we define a new security property for IDC called “instance-non-malleability”. It requires non-malleability of the instances as well as of the committed messages. Instance-non-malleability is not only stronger than previous definitions of non-malleability for commitments, but can also be achieved in the standard model. We also present a general construction of a non-interactive instance-non-malleable IDC.
Keywords: non-malleability, instance-dependent commitment, zero-knowledge proof