ABSTRACT
We present a new non-malleable commitment protocol. Our protocol has the following features:
- The protocol has only three rounds of interaction. Pass (TCC 2013) showed an impossibility result for a two-round non-malleable commitment scheme w.r.t. a black-box reduction to any "standard" intractability assumption. Thus, this resolves the round complexity of non-malleable commitment, at least w.r.t. black-box security reductions. Our construction is secure as per the standard notion of non-malleability w.r.t. commitment.
- Our protocol is truly efficient. In our basic protocol, the entire computation of the committer is dominated by just three invocations of a non-interactive statistically binding commitment scheme, while the receiver's computation (in the commitment stage) is limited to sampling a random string. Unlike many previous works, we directly construct a protocol for large tags and hence avoid any non-malleability amplification steps.
- Our protocol is based on a black-box use of any non-interactive statistically binding commitment scheme. Such schemes, in turn, can be based on any one-to-one one-way function (or on any one-way function at the cost of an extra initialization round). Previously, the best known black-box construction of non-malleable commitments required a larger (constant) number of rounds.
- Our construction is public-coin and makes use of only black-box simulation. Prior to our work, no public-coin constant-round non-malleable commitment schemes were known based on black-box simulation.
Our techniques depart significantly from those used previously to construct non-malleable commitment schemes. As a main technical tool, we rely on non-malleable codes in the split-state model. Our proofs of security are purely combinatorial in nature. In addition, we also present a simple construction of constant-round non-malleable commitments from any one-way function.
While this result is not new, its main feature is its simplicity compared to any previous construction of non-malleable commitments (in any number of rounds). We believe the construction is simple enough to be covered in a graduate-level course on cryptography. The construction uses non-malleable codes in the split-state model in a black-box way.
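The abstract's building block, a statistically binding commitment from any one-way function at the cost of one extra initialization round in which the receiver only samples a random string, is Naor's scheme [Nao91]. The following is an added example, not code from the paper (whose three-round protocol is not reproduced here): it implements Naor's two-round bit commitment from a pseudorandom generator and then shows the man-in-the-middle mauling that makes such a plain commitment malleable, which is exactly what a non-malleable commitment must prevent. SHAKE128 standing in for a length-tripling PRG G: {0,1}^n -> {0,1}^{3n} is an assumption, the parameter sizes are toy-sized, and all function names are this example's own.

```python
"""Naor's statistically binding commitment and a man-in-the-middle mauling.

Added example; not code from the paper. SHAKE128 stands in for a
length-tripling PRG G: {0,1}^n -> {0,1}^{3n} (assumption), and the
parameter sizes are toy-sized for illustration.
"""
import hashlib
import secrets
from typing import Optional, Tuple

N = 16          # seed length in bytes (the security parameter n, toy-sized)
OUT = 3 * N     # G stretches an n-bit seed to 3n bits


def prg(seed: bytes) -> bytes:
    """Assumption: SHAKE128 plays the role of the PRG G."""
    return hashlib.shake_128(seed).digest(OUT)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def receiver_init() -> bytes:
    """Round 1 (the initialization round): the receiver samples a random
    3n-bit string r and sends it. This is all the receiver computes."""
    return secrets.token_bytes(OUT)


def commit(r: bytes, bit: int, seed: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Round 2: the committer picks a fresh seed s and sends
        c = G(s)          if bit == 0
        c = G(s) XOR r    if bit == 1
    Returns (c, s); s is the decommitment the committer keeps.
    Hiding: c is pseudorandom for either bit because G(s) is.
    Statistical binding: opening c both ways needs seeds s, s' with
    G(s) XOR G(s') = r. At most 2^(2n) of the 2^(3n) strings r have that
    form, so a random r admits a double opening with probability <= 2^-n.
    """
    if bit not in (0, 1):
        raise ValueError("commit to a single bit")
    s = secrets.token_bytes(N) if seed is None else seed
    if len(s) != N:
        raise ValueError("seed must be n bits")
    c = prg(s) if bit == 0 else xor(prg(s), r)
    return c, s


def verify(r: bytes, c: bytes, s: bytes, bit: int) -> bool:
    """Decommitment check run by the receiver."""
    if bit not in (0, 1) or len(s) != N or len(c) != OUT:
        return False
    expected = prg(s) if bit == 0 else xor(prg(s), r)
    return c == expected


def maul_to_complement(r: bytes, c: bytes) -> bytes:
    """Man-in-the-middle mauling, without knowing s or the committed bit.
    The adversary plays receiver towards the honest committer and forwards
    the right receiver's r to it; since c = G(s) XOR (bit * r),
    c XOR r = G(s) XOR ((1 - bit) * r) is a valid commitment to the
    complement bit under the same seed. When the honest committer later
    opens (s, bit), the adversary forwards (s, 1 - bit) and opens a value
    related to the one it never learned."""
    return xor(c, r)


def demo() -> dict:
    """Run the two-round exchange, then the mauling, and report the checks."""
    r = receiver_init()
    c, s = commit(r, 0)
    c_mauled = maul_to_complement(r, c)
    return {
        "honest_open_ok": verify(r, c, s, 0),
        "honest_wrong_bit_rejected": not verify(r, c, s, 1),
        "mauled_opens_as_complement": verify(r, c_mauled, s, 1),
    }


if __name__ == "__main__":
    print(demo())
```

The mauling works because the commitment is linear in r: the adversary never needs the seed or the bit, only the receiver's public string. A non-malleable commitment, such as the three-round protocol the abstract describes, must make the value committed on the right independent of the one committed on the left even under this kind of relaying.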
- [AAG+16] Divesh Aggarwal, Shashank Agrawal, Divya Gupta, Hemanta Maji, Omkant Pandey, and Manoj Prabhakaran. Optimal computational split-state non-malleable codes. In TCC, 2016.
- [ADKO15] Divesh Aggarwal, Yevgeniy Dodis, Tomasz Kazana, and Maciej Obremski. Non-malleable reductions and applications. In Proceedings of the 47th Annual ACM Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, June 14-17, 2015, pages 459–468, 2015.
- [ADL14] Divesh Aggarwal, Yevgeniy Dodis, and Shachar Lovett. Non-malleable codes from additive combinatorics. In Symposium on Theory of Computing, STOC 2014, New York, NY, USA, May 31 - June 3, 2014, pages 774–783, 2014.
- [Bar02] Boaz Barak. Constant-round coin-tossing with a man in the middle or realizing the shared random string model. In Proceedings of the 43rd Annual IEEE Symposium on Foundations of Computer Science, FOCS '02, pages 345–355, 2002.
- [BGR+15] Hai Brenner, Vipul Goyal, Silas Richelson, Alon Rosen, and Margarita Vald. Fast non-malleable commitments. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12-16, 2015, pages 1048–1057, 2015.
- [Blu86] Manuel Blum. How to prove a theorem so no one else can claim it. In Proceedings of the International Congress of Mathematicians, Berkeley, CA, pages 1444–1451, 1986.
- [CGL15] Eshan Chattopadhyay, Vipul Goyal, and Xin Li. Non-malleable extractors and codes, with their many tampered extensions. CoRR, abs/1505.00107, 2015.
- [CGMO09] Nishanth Chandran, Vipul Goyal, Ryan Moriarty, and Rafail Ostrovsky. Position based cryptography. In Shai Halevi, editor, CRYPTO, volume 5677 of Lecture Notes in Computer Science, pages 391–407. Springer, 2009.
- [CLOS02] Ran Canetti, Yehuda Lindell, Rafail Ostrovsky, and Amit Sahai. Universally composable two-party and multi-party secure computation. In Proceedings of the 34th Annual ACM Symposium on Theory of Computing, STOC '02, pages 494–503, 2002.
- [CZ14] Eshan Chattopadhyay and David Zuckerman. Non-malleable codes against constant split-state tampering. In 55th IEEE Annual Symposium on Foundations of Computer Science, FOCS 2014, Philadelphia, PA, USA, October 18-21, 2014, pages 306–315, 2014.
- [DDN91] Danny Dolev, Cynthia Dwork, and Moni Naor. Non-malleable cryptography (extended abstract). In Proceedings of the 23rd Annual ACM Symposium on Theory of Computing, STOC '91, pages 542–552, 1991.
- [DKO13] Stefan Dziembowski, Tomasz Kazana, and Maciej Obremski. Non-malleable codes from two-source extractors. In Ran Canetti and Juan A. Garay, editors, Advances in Cryptology - CRYPTO 2013 - 33rd Annual Cryptology Conference, Santa Barbara, CA, USA, August 18-22, 2013. Proceedings, Part II, volume 8043 of Lecture Notes in Computer Science, pages 239–257. Springer, 2013.
- [DPW10] Stefan Dziembowski, Krzysztof Pietrzak, and Daniel Wichs. Non-malleable codes. In Innovations in Computer Science - ICS 2010, Tsinghua University, Beijing, China, January 5-7, 2010. Proceedings, pages 434–452, 2010.
- [FS89] Uriel Feige and Adi Shamir. Zero knowledge proofs of knowledge in two rounds. In Advances in Cryptology - CRYPTO '89, 9th Annual International Cryptology Conference, Santa Barbara, California, USA, August 20-24, 1989, Proceedings, pages 526–544, 1989.
- [FS90] Uriel Feige and Adi Shamir. Witness indistinguishable and witness hiding protocols. In STOC, pages 416–426. ACM, 1990.
- [GK96] Oded Goldreich and Hugo Krawczyk. On the composition of zero-knowledge proof systems. SIAM J. Comput., 25(1):169–192, 1996.
- [GLOV12] Vipul Goyal, Chen-Kuei Lee, Rafail Ostrovsky, and Ivan Visconti. Constructing non-malleable commitments: A black-box approach. In FOCS, pages 51–60. IEEE Computer Society, 2012.
- [GMW87] Oded Goldreich, Silvio Micali, and Avi Wigderson. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the 19th Annual ACM Symposium on Theory of Computing, 1987, New York, New York, USA, pages 218–229, 1987.
- [Goy11] Vipul Goyal. Constant round non-malleable protocols using one-way functions. In Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, STOC '11, pages 695–704. ACM, 2011.
- [GRRV14] Vipul Goyal, Silas Richelson, Alon Rosen, and Margarita Vald. An algebraic approach to non-malleability. In FOCS, 2014.
- [HILL99] Johan Håstad, Russell Impagliazzo, Leonid A. Levin, and Michael Luby. A pseudorandom generator from any one-way function. SIAM J. Comput., 28(4):1364–1396, 1999.
- [IKOS07] Yuval Ishai, Eyal Kushilevitz, Rafail Ostrovsky, and Amit Sahai. Zero-knowledge from secure multiparty computation. In Proceedings of the 39th Annual ACM Symposium on Theory of Computing, STOC '07, pages 21–30, 2007.
- [Kiy14] Susumu Kiyoshima. Round-efficient black-box construction of composable multi-party computation. In Juan A. Garay and Rosario Gennaro, editors, Advances in Cryptology - CRYPTO 2014 - 34th Annual Cryptology Conference, Santa Barbara, CA, USA, August 17-21, 2014, Proceedings, Part II, volume 8617 of Lecture Notes in Computer Science, pages 351–368. Springer, 2014.
- [KMO14] Susumu Kiyoshima, Yoshifumi Manabe, and Tatsuaki Okamoto. Constant-round black-box construction of composable multi-party computation protocol. In Yehuda Lindell, editor, Theory of Cryptography - 11th Theory of Cryptography Conference, TCC 2014, San Diego, CA, USA, February 24-26, 2014. Proceedings, volume 8349 of Lecture Notes in Computer Science, pages 343–367. Springer, 2014.
- [LP09] Huijia Lin and Rafael Pass. Non-malleability amplification. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC '09, pages 189–198, 2009.
- [LP11] Huijia Lin and Rafael Pass. Constant-round non-malleable commitments from any one-way function. In Proceedings of the 43rd Annual ACM Symposium on Theory of Computing, STOC '11, pages 705–714, 2011.
- [LP12] Huijia Lin and Rafael Pass. Black-box constructions of composable protocols without set-up. In Reihaneh Safavi-Naini and Ran Canetti, editors, Advances in Cryptology - CRYPTO 2012 - 32nd Annual Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2012. Proceedings, volume 7417 of Lecture Notes in Computer Science, pages 461–478. Springer, 2012.
- [LPV08] Huijia Lin, Rafael Pass, and Muthuramakrishnan Venkitasubramaniam. Concurrent non-malleable commitments from any one-way function. In Theory of Cryptography, 5th Theory of Cryptography Conference, TCC 2008, pages 571–588, 2008.
- [LPV09] Huijia Lin, Rafael Pass, and Muthuramakrishnan Venkitasubramaniam. A unified framework for concurrent security: Universal composability from stand-alone non-malleability. In Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC '09, pages 179–188, 2009.
- [LS90] Dror Lapidot and Adi Shamir. Publicly verifiable non-interactive zero-knowledge proofs. In CRYPTO, pages 353–365, 1990.
- [Nao91] Moni Naor. Bit commitment using pseudorandomness. J. Cryptology, 4(2):151–158, 1991.
- [Pas13] Rafael Pass. Unprovable security of perfect NIZK and non-interactive non-malleable commitments. In TCC, pages 334–354, 2013.
- [PPV08] Omkant Pandey, Rafael Pass, and Vinod Vaikuntanathan. Adaptive one-way functions and applications. In Advances in Cryptology - CRYPTO '08, pages 57–74, 2008.
- [PR05a] Rafael Pass and Alon Rosen. Concurrent non-malleable commitments. In Proceedings of the 46th Annual IEEE Symposium on Foundations of Computer Science, FOCS '05, pages 563–572, 2005.
- [PR05b] Rafael Pass and Alon Rosen. New and improved constructions of non-malleable cryptographic protocols. In Proceedings of the 37th Annual ACM Symposium on Theory of Computing, STOC '05, pages 533–542, 2005.
- [PW10] Rafael Pass and Hoeteck Wee. Constant-round non-malleable commitments from sub-exponential one-way functions. In Advances in Cryptology - EUROCRYPT '10, pages 638–655, 2010.
- [Wee10] Hoeteck Wee. Black-box, round-efficient secure computation via non-malleability amplification. In Proceedings of the 51st Annual IEEE Symposium on Foundations of Computer Science, pages 531–540, 2010.
Index Terms
- Textbook non-malleable commitments