{"title":"基于格的键值承诺方案","authors":"Hideaki Miyaji;Atsuko Miyaji","doi":"10.1109/TIT.2025.3559974","DOIUrl":null,"url":null,"abstract":"A blockchain is an important component in the design of secure distributed file systems, such as cryptocurrencies. One of the key components of the blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In a conventional commitment scheme, a single user constructs a commitment value from an input value, whereas in a key-value commitment scheme, multiple users construct a commitment value from their keys and values. Both conventional and key-value commitment schemes must satisfy binding and hiding properties. The key-binding and key-hiding properties guarantee that neither the sender nor the verifier can act maliciously. The concept of a key-value commitment scheme was first proposed by Agrawal et al. in 2020 using a strong RSA assumption. Their scheme satisfies the key-binding but not key-hiding properties. In this paper, we propose two lattice-based key-value commitment schemes, <inline-formula> <tex-math>${\\mathsf { Insert}}\\text {-}{\\mathsf { KVC}}_{m/2,n,q,\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\mathsf {\\text {KVC}}}_{m,n,q,\\beta }$ </tex-math></inline-formula>, that satisfy both the key-binding and the key-hiding properties. The key-binding property of both <inline-formula> <tex-math>${\\mathsf { Insert}}\\text {-}{\\mathsf { KVC}}_{m/2,n,q,\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\mathsf {\\text {KVC}}}_{m,n,q,\\beta }$ </tex-math></inline-formula> are proven under the short integer solution (<inline-formula> <tex-math>${\\mathsf {\\text {SIS}}}^{\\infty } _{n,m,q,\\beta }$ </tex-math></inline-formula>) problem. The key-hiding property of both <inline-formula> <tex-math>${\\mathsf { Insert}}\\text {-}{\\mathsf { KVC}}_{m/2,n,q,\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\mathsf {\\text {KVC}}}_{m,n,q,\\beta }$ </tex-math></inline-formula> are proven under the Decisional-<inline-formula> <tex-math>${\\mathsf {\\text {SIS}}}^{\\infty } _{n,m,q,\\beta }$ </tex-math></inline-formula>-form problem, which is newly defined in this paper. We demonstrate the difficulty of the Decisional-<inline-formula> <tex-math>${\\mathsf {\\text {SIS}}}^{\\infty } _{n,m,q,\\beta }$ </tex-math></inline-formula>-form problem by showing that the Decisional-<inline-formula> <tex-math>${\\mathsf {\\text {SIS}}}^{\\infty } _{n,m,q,\\beta }$ </tex-math></inline-formula>-form problem is secure when the <inline-formula> <tex-math>${\\mathsf {\\text {SIS}}}^{\\infty } _{n,m,q,\\beta }$ </tex-math></inline-formula> problem is secure. Finally, we analyze the computational costs of <inline-formula> <tex-math>${\\mathsf { Insert}}\\text {-}{\\mathsf { KVC}}_{m/2,n,q,\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\mathsf {\\text {KVC}}}_{m,n,q,\\beta }$ </tex-math></inline-formula>. Our method is the first lattice-based key-value commitment scheme with proven the key-binding and the key-hiding properties.","PeriodicalId":13494,"journal":{"name":"IEEE Transactions on Information Theory","volume":"71 6","pages":"4839-4853"},"PeriodicalIF":2.2000,"publicationDate":"2025-04-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10963723","citationCount":"0","resultStr":"{\"title\":\"Lattice-Based Key-Value Commitment Scheme\",\"authors\":\"Hideaki Miyaji;Atsuko Miyaji\",\"doi\":\"10.1109/TIT.2025.3559974\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A blockchain is an important component in the design of secure distributed file systems, such as cryptocurrencies. One of the key components of the blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In a conventional commitment scheme, a single user constructs a commitment value from an input value, whereas in a key-value commitment scheme, multiple users construct a commitment value from their keys and values. Both conventional and key-value commitment schemes must satisfy binding and hiding properties. The key-binding and key-hiding properties guarantee that neither the sender nor the verifier can act maliciously. The concept of a key-value commitment scheme was first proposed by Agrawal et al. in 2020 using a strong RSA assumption. Their scheme satisfies the key-binding but not key-hiding properties. In this paper, we propose two lattice-based key-value commitment schemes, <inline-formula> <tex-math>${\\\\mathsf { Insert}}\\\\text {-}{\\\\mathsf { KVC}}_{m/2,n,q,\\\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\\\mathsf {\\\\text {KVC}}}_{m,n,q,\\\\beta }$ </tex-math></inline-formula>, that satisfy both the key-binding and the key-hiding properties. The key-binding property of both <inline-formula> <tex-math>${\\\\mathsf { Insert}}\\\\text {-}{\\\\mathsf { KVC}}_{m/2,n,q,\\\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\\\mathsf {\\\\text {KVC}}}_{m,n,q,\\\\beta }$ </tex-math></inline-formula> are proven under the short integer solution (<inline-formula> <tex-math>${\\\\mathsf {\\\\text {SIS}}}^{\\\\infty } _{n,m,q,\\\\beta }$ </tex-math></inline-formula>) problem. The key-hiding property of both <inline-formula> <tex-math>${\\\\mathsf { Insert}}\\\\text {-}{\\\\mathsf { KVC}}_{m/2,n,q,\\\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\\\mathsf {\\\\text {KVC}}}_{m,n,q,\\\\beta }$ </tex-math></inline-formula> are proven under the Decisional-<inline-formula> <tex-math>${\\\\mathsf {\\\\text {SIS}}}^{\\\\infty } _{n,m,q,\\\\beta }$ </tex-math></inline-formula>-form problem, which is newly defined in this paper. We demonstrate the difficulty of the Decisional-<inline-formula> <tex-math>${\\\\mathsf {\\\\text {SIS}}}^{\\\\infty } _{n,m,q,\\\\beta }$ </tex-math></inline-formula>-form problem by showing that the Decisional-<inline-formula> <tex-math>${\\\\mathsf {\\\\text {SIS}}}^{\\\\infty } _{n,m,q,\\\\beta }$ </tex-math></inline-formula>-form problem is secure when the <inline-formula> <tex-math>${\\\\mathsf {\\\\text {SIS}}}^{\\\\infty } _{n,m,q,\\\\beta }$ </tex-math></inline-formula> problem is secure. Finally, we analyze the computational costs of <inline-formula> <tex-math>${\\\\mathsf { Insert}}\\\\text {-}{\\\\mathsf { KVC}}_{m/2,n,q,\\\\beta }$ </tex-math></inline-formula> and <inline-formula> <tex-math>${\\\\mathsf {\\\\text {KVC}}}_{m,n,q,\\\\beta }$ </tex-math></inline-formula>. Our method is the first lattice-based key-value commitment scheme with proven the key-binding and the key-hiding properties.\",\"PeriodicalId\":13494,\"journal\":{\"name\":\"IEEE Transactions on Information Theory\",\"volume\":\"71 6\",\"pages\":\"4839-4853\"},\"PeriodicalIF\":2.2000,\"publicationDate\":\"2025-04-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10963723\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Information Theory\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10963723/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Information Theory","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10963723/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A blockchain is an important component in the design of secure distributed file systems, such as cryptocurrencies. One of the key components of the blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In a conventional commitment scheme, a single user constructs a commitment value from an input value, whereas in a key-value commitment scheme, multiple users construct a commitment value from their keys and values. Both conventional and key-value commitment schemes must satisfy binding and hiding properties. The key-binding and key-hiding properties guarantee that neither the sender nor the verifier can act maliciously. The concept of a key-value commitment scheme was first proposed by Agrawal et al. in 2020 using a strong RSA assumption. Their scheme satisfies the key-binding but not key-hiding properties. In this paper, we propose two lattice-based key-value commitment schemes, ${\mathsf { Insert}}\text {-}{\mathsf { KVC}}_{m/2,n,q,\beta }$ and ${\mathsf {\text {KVC}}}_{m,n,q,\beta }$ , that satisfy both the key-binding and the key-hiding properties. The key-binding property of both ${\mathsf { Insert}}\text {-}{\mathsf { KVC}}_{m/2,n,q,\beta }$ and ${\mathsf {\text {KVC}}}_{m,n,q,\beta }$ are proven under the short integer solution (${\mathsf {\text {SIS}}}^{\infty } _{n,m,q,\beta }$ ) problem. The key-hiding property of both ${\mathsf { Insert}}\text {-}{\mathsf { KVC}}_{m/2,n,q,\beta }$ and ${\mathsf {\text {KVC}}}_{m,n,q,\beta }$ are proven under the Decisional-${\mathsf {\text {SIS}}}^{\infty } _{n,m,q,\beta }$ -form problem, which is newly defined in this paper. We demonstrate the difficulty of the Decisional-${\mathsf {\text {SIS}}}^{\infty } _{n,m,q,\beta }$ -form problem by showing that the Decisional-${\mathsf {\text {SIS}}}^{\infty } _{n,m,q,\beta }$ -form problem is secure when the ${\mathsf {\text {SIS}}}^{\infty } _{n,m,q,\beta }$ problem is secure. Finally, we analyze the computational costs of ${\mathsf { Insert}}\text {-}{\mathsf { KVC}}_{m/2,n,q,\beta }$ and ${\mathsf {\text {KVC}}}_{m,n,q,\beta }$ . Our method is the first lattice-based key-value commitment scheme with proven the key-binding and the key-hiding properties.
期刊介绍:
The IEEE Transactions on Information Theory is a journal that publishes theoretical and experimental papers concerned with the transmission, processing, and utilization of information. The boundaries of acceptable subject matter are intentionally not sharply delimited. Rather, it is hoped that as the focus of research activity changes, a flexible policy will permit this Transactions to follow suit. Current appropriate topics are best reflected by recent Tables of Contents; they are summarized in the titles of editorial areas that appear on the inside front cover.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
