We introduce the notion of hybrid trapdoor commitment schemes. Intuitively a hybrid trapdoor commitment scheme is a primitive which can be either an unconditionally binding commitment scheme or a trapdoor commitment scheme depending on the distribution of commitment parameters. Moreover, such two possible distributions are computationally indistinguishable. Hybrid trapdoor commitments are related but different with respect to mixed commitments (introduced by Damgård and Nielsen at Crypto 2002). In particular hybrid trapdoor commitments can either be polynomially trapdoor commitments or unconditionally binding commitments, while mixed commitments can be either trapdoor commitments or extractable commitments. In this paper we show that strong notions (e.g., simulation sound, multi-trapdoor) of hybrid trapdoor commitments admit constructions based on the sole assumption that one-way functions exist as well as efficient constructions based on standard number-theoretic assumptions. To further stress the difference between hybrid and mixed commitments, we remark here that mixed commitments seem to require stronger theoretical assumptions (and the known number-theoretic constructions are less efficient). Our main result, is to show how to construct concurrent and simulation-sound zero-knowledge proof systems (in contrast to the arguments recently presented in [I. Damgård, Efficient concurrent zero-knowledge in the auxiliary string model, in: Advances in Cryptology - Eurocrypt'00, in: Lecture Notes in Computer Science, vol. 1807, Springer-Verlag, 2000, pp. 418-430; P. MacKenzie, K. Yang, On simulation-sound trapdoor commitments, in: Advances in Cryptology - Eurocrypt'04, in: Lecture Notes in Computer Science, vol. 3027, Springer-Verlag, 2004, pp. 382-400; R. Gennaro, Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks, in: Advances in Cryptology - Crypto'04, in: Lecture Notes in Computer Science, vol. 3152, Springer-Verlag, 2004, pp. 220-236]) in the common reference string model. We crucially use hybrid trapdoor commitments since we present general constructions based on the sole assumption that one-way functions exist and very efficient constructions based on number-theoretic assumptions
Hybrid Commitments and their Applications to Zero Knowledge Proof Systems
CATALANO, Dario;
2007-01-01
Abstract
We introduce the notion of hybrid trapdoor commitment schemes. Intuitively a hybrid trapdoor commitment scheme is a primitive which can be either an unconditionally binding commitment scheme or a trapdoor commitment scheme depending on the distribution of commitment parameters. Moreover, such two possible distributions are computationally indistinguishable. Hybrid trapdoor commitments are related but different with respect to mixed commitments (introduced by Damgård and Nielsen at Crypto 2002). In particular hybrid trapdoor commitments can either be polynomially trapdoor commitments or unconditionally binding commitments, while mixed commitments can be either trapdoor commitments or extractable commitments. In this paper we show that strong notions (e.g., simulation sound, multi-trapdoor) of hybrid trapdoor commitments admit constructions based on the sole assumption that one-way functions exist as well as efficient constructions based on standard number-theoretic assumptions. To further stress the difference between hybrid and mixed commitments, we remark here that mixed commitments seem to require stronger theoretical assumptions (and the known number-theoretic constructions are less efficient). Our main result, is to show how to construct concurrent and simulation-sound zero-knowledge proof systems (in contrast to the arguments recently presented in [I. Damgård, Efficient concurrent zero-knowledge in the auxiliary string model, in: Advances in Cryptology - Eurocrypt'00, in: Lecture Notes in Computer Science, vol. 1807, Springer-Verlag, 2000, pp. 418-430; P. MacKenzie, K. Yang, On simulation-sound trapdoor commitments, in: Advances in Cryptology - Eurocrypt'04, in: Lecture Notes in Computer Science, vol. 3027, Springer-Verlag, 2004, pp. 382-400; R. Gennaro, Multi-trapdoor commitments and their applications to proofs of knowledge secure under concurrent man-in-the-middle attacks, in: Advances in Cryptology - Crypto'04, in: Lecture Notes in Computer Science, vol. 3152, Springer-Verlag, 2004, pp. 220-236]) in the common reference string model. We crucially use hybrid trapdoor commitments since we present general constructions based on the sole assumption that one-way functions exist and very efficient constructions based on number-theoretic assumptionsI documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
