Breaking the Three Round Barrier for Non-malleable Commitments

2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS) Pub Date : 2016-10-01 DOI:10.1109/FOCS.2016.12

Vipul Goyal, Dakshita Khurana, A. Sahai

{"title":"Breaking the Three Round Barrier for Non-malleable Commitments","authors":"Vipul Goyal, Dakshita Khurana, A. Sahai","doi":"10.1109/FOCS.2016.12","DOIUrl":null,"url":null,"abstract":"We construct two-message non-malleable commitments with respect to opening in the standard model, assuming only one-to-one one-way functions. Our protocol consists of two unidirectional messages by the committer (with no message from the receiver), and is secure against all polynomial-time adversaries in the standard synchronous setting. Pass (TCC 2013) proved that any commitment scheme with non-malleability with respect to commitment, using only 2 rounds of communication, cannot be proved secure via a black-box reduction to any \"standard\" intractability assumption. We extend this by showing a similar impossibility result for commitments with non-malleability with respect to opening, another standard notion of non-malleability for commitments, for any 2-message challenge-response protocol, as well. However, somewhat surprisingly, we show that this barrier breaks down in the setting of two unidirectional messages by the committer (with no message from the receiver), for non-malleability with respect to opening. ° Our protocol makes only black-box use of any non-interactive statistically binding commitment scheme. Such a scheme can be based on any one-to-one one-way function. ° Our techniques depart significantly from the commit-challenge-response structure followed by nearly all prior works on non-malleable protocols in the standard model. Our methods are combinatorial in nature. ° Our protocol resolves the round complexity of commitments with non-malleability with respect to opening via natural (non-embedding) black-box security reductions. We show that completely non-interactive non-malleable commitments w.r.t. opening cannot be proved secure via most natural black-box reductions. This result extends to also rule out bi-directional two-message non-malleable commitments w.r.t. opening in the synchronous or asynchronous setting. ° Our protocol, together with our impossibility result, also resolves the round complexity of block-wise non-malleable codes (Chandran et al) w.r.t. natural black-box reductions.","PeriodicalId":414001,"journal":{"name":"2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)","volume":"20 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FOCS.2016.12","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

We construct two-message non-malleable commitments with respect to opening in the standard model, assuming only one-to-one one-way functions. Our protocol consists of two unidirectional messages by the committer (with no message from the receiver), and is secure against all polynomial-time adversaries in the standard synchronous setting. Pass (TCC 2013) proved that any commitment scheme with non-malleability with respect to commitment, using only 2 rounds of communication, cannot be proved secure via a black-box reduction to any "standard" intractability assumption. We extend this by showing a similar impossibility result for commitments with non-malleability with respect to opening, another standard notion of non-malleability for commitments, for any 2-message challenge-response protocol, as well. However, somewhat surprisingly, we show that this barrier breaks down in the setting of two unidirectional messages by the committer (with no message from the receiver), for non-malleability with respect to opening. ° Our protocol makes only black-box use of any non-interactive statistically binding commitment scheme. Such a scheme can be based on any one-to-one one-way function. ° Our techniques depart significantly from the commit-challenge-response structure followed by nearly all prior works on non-malleable protocols in the standard model. Our methods are combinatorial in nature. ° Our protocol resolves the round complexity of commitments with non-malleability with respect to opening via natural (non-embedding) black-box security reductions. We show that completely non-interactive non-malleable commitments w.r.t. opening cannot be proved secure via most natural black-box reductions. This result extends to also rule out bi-directional two-message non-malleable commitments w.r.t. opening in the synchronous or asynchronous setting. ° Our protocol, together with our impossibility result, also resolves the round complexity of block-wise non-malleable codes (Chandran et al) w.r.t. natural black-box reductions.

查看原文本刊更多论文

打破不可延展性承诺的三轮障碍

我们在标准模型中构造了关于开放的双消息非延展性承诺，假设只有一对一的单向函数。我们的协议由提交者的两条单向消息组成(没有来自接收者的消息)，并且在标准同步设置中对所有多项式时间对手都是安全的。Pass (TCC 2013)证明，仅使用2轮通信，就承诺而言，任何具有不可延展性的承诺方案都不能通过对任何“标准”难处理假设的黑盒还原来证明是安全的。我们通过展示关于开放的具有不可延展性的承诺的类似不可能结果来扩展这一点，这是任何2消息挑战响应协议的承诺的另一个不可延展性的标准概念。然而，有些令人惊讶的是，我们展示了这个障碍在提交者设置的两个单向消息(没有来自接收者的消息)中被打破，因为关于打开的不可延展性。°我们的协议只在黑箱中使用任何非交互式的统计绑定承诺方案。这种方案可以基于任何一对一的单向函数。°我们的技术明显偏离了标准模型中几乎所有关于非延展性协议的先前工作所遵循的提交-挑战-响应结构。我们的方法本质上是组合的。°我们的协议通过自然的(非嵌入的)黑盒安全缩减，解决了关于开放的非延展性承诺的循环复杂性。我们表明，完全非交互的、不可延展性的承诺w.r.t.开放不能通过大多数自然黑盒约简证明是安全的。此结果还可以在同步或异步设置中排除双向双消息不可延展性承诺。°我们的协议，连同我们的不可能结果，也解决了块方向的不可延展性代码(Chandran等)的轮复杂度，而不是自然黑盒约简。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)

自引率

0.00%

发文量