Revisiting Lower and Upper Bounds for Selective Decommitments

  • Rafail Ostrovsky
  • Vanishree Rao
  • Alessandra Scafuro
  • Ivan Visconti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7785)


In [6,7], Dwork et al. posed the fundamental question of the existence of commitment schemes that are secure against selective opening attacks (SOA, for short). Bellare, Hofheinz, and Yilek in [2], and Hofheinz in [13], answered it affirmatively by presenting a scheme which is based solely on the non-black-box use of a one-way permutation needing a super-constant number of rounds. This result, however, opened other challenging questions about achieving a better round complexity and obtaining fully black-box schemes using underlying primitives and code of the adversary in a black-box manner.

Recently, in TCC 2011, Xiao ([23]) investigated how to achieve (nearly) optimal SOA-secure commitment schemes where optimality is in the sense of both the round complexity and the black-box use of cryptographic primitives. The work of Xiao focuses on a simulation-based security notion of SOA. Moreover, the various results in [23] focus only on either parallel or concurrent SOA.

In this work we first point out various issues in the claims of [23] that actually re-open several of the questions left open in [2,13]. Then, we provide new lower bounds and concrete constructions that produce a very different state-of-the-art compared to the one claimed in [23].


Keywords: Parallel Composition, Random String, Commitment Scheme, Cryptographic Primitive, Round Complexity
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. Bellare, M., Dowsley, R., Waters, B., Yilek, S.: Standard Security Does Not Imply Security against Selective-Opening. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 645–662. Springer, Heidelberg (2012)
  2. Bellare, M., Hofheinz, D., Yilek, S.: Possibility and Impossibility Results for Encryption and Commitment Secure under Selective Opening. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 1–35. Springer, Heidelberg (2009)
  3. Blum, M.: How to Prove a Theorem So No One Else Can Claim It. In: Proceedings of the International Congress of Mathematicians, pp. 1444–1451 (1986)
  4. Canetti, R., Kilian, J., Petrank, E., Rosen, A.: Black-box concurrent zero-knowledge requires omega~(log n) rounds. In: STOC, pp. 570–579 (2001)
  5. Di Crescenzo, G., Ostrovsky, R.: On Concurrent Zero-Knowledge with Pre-processing (Extended Abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 485–502. Springer, Heidelberg (1999)
  6. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. In: 40th Annual Symposium on Foundations of Computer Science, FOCS 1999, pp. 523–534. IEEE Computer Society (1999)
  7. Dwork, C., Naor, M., Reingold, O., Stockmeyer, L.: Magic functions. J. ACM 50(6), 852–921 (2003)
  8. Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, STOC, pp. 409–418. ACM (1998)
  9. Feige, U., Shamir, A.: Zero Knowledge Proofs of Knowledge in Two Rounds. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 526–544. Springer, Heidelberg (1990)
  10. Gennaro, R., Micali, S.: Independent Zero-Knowledge Sets. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 34–45. Springer, Heidelberg (2006)
  11. Goldreich, O., Kahan, A.: How to construct constant-round zero-knowledge proof systems for np. J. Cryptology 9(3), 167–190 (1996)
  12. Goyal, V., Lee, C.K., Ostrovsky, R., Visconti, I.: Constructing non-malleable commitments: A black-box approach. In: 53rd Annual IEEE Symposium on Foundations of Computer Science, FOCS 2012, pp. 51–60. IEEE Computer Society (2012)
  13. Hofheinz, D.: Possibility and impossibility results for selective decommitments. J. Cryptology 24(3), 470–516 (2011)
  14. Lapidot, D., Shamir, A.: Publicly Verifiable Non-interactive Zero-Knowledge Proofs. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 353–365. Springer, Heidelberg (1991)
  15. Lindell, Y.: Bounded-concurrent secure two-party computation without setup assumptions. In: Proceedings of the 35th Annual ACM Symposium on Theory of Computing, STOC, pp. 683–692. ACM (2003)
  16. Naor, M.: Bit commitment using pseudorandomness. J. Cryptology 4(2), 151–158 (1991)
  17. Ostrovsky, R., Persiano, G., Visconti, I.: Simulation-Based Concurrent Non-malleable Commitments and Decommitments. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 91–108. Springer, Heidelberg (2009)
  18. Ostrovsky, R., Rao, V., Scafuro, A., Visconti, I.: Revisiting lower and upper bounds for selective decommitments. IACR Cryptology ePrint Archive 2011, 536 (2011)
  19. Pass, R., Wee, H.: Black-Box Constructions of Two-Party Protocols from One-Way Functions. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 403–418. Springer, Heidelberg (2009)
  20. Pedersen, T.P.: Non-interactive and Information-Theoretic Secure Verifiable Secret Sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
  21. Prabhakaran, M., Rosen, A., Sahai, A.: Concurrent zero knowledge with logarithmic round-complexity. In: 43rd FOCS, pp. 366–375 (2002)
  22. Scafuro, A., Visconti, I.: On Round-Optimal Zero Knowledge in the Bare Public-Key Model. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 153–171. Springer, Heidelberg (2012)
  23. Xiao, D.: (Nearly) Round-Optimal Black-Box Constructions of Commitments Secure against Selective Opening Attacks. In: Ishai, Y. (ed.) TCC 2011. LNCS, vol. 6597, pp. 541–558. Springer, Heidelberg (2011)
  24. Xiao, D.: On the round complexity of black-box constructions of commitments secure against selective opening attacks. Cryptology ePrint Archive, Report 2009/513 - Revision May 29, 2012 (2012)
  25. Xiao, D.: Round-Optimal Black-Box Statistically Binding Selective-Opening Secure Commitments. In: Mitrokotsa, A., Vaudenay, S. (eds.) AFRICACRYPT 2012. LNCS, vol. 7374, pp. 395–411. Springer, Heidelberg (2012)

Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Rafail Ostrovsky (1, 2)
  • Vanishree Rao (1)
  • Alessandra Scafuro (3)
  • Ivan Visconti (3)
  1. Department of Computer Science, UCLA, USA
  2. Department of Mathematics, UCLA, USA
  3. Dipartimento di Informatica, University of Salerno, Italy
