Two-Round and Non-Interactive Concurrent Non-Malleable Commitments from Time-Lock Puzzles
SIAM Journal on Computing (IF 1.2). Pub Date: 2020-01-16. DOI: 10.1137/17m1163177
Huijia Lin , Rafael Pass , Pratik Soni

SIAM Journal on Computing, Ahead of Print.
Non-malleable commitments are a fundamental cryptographic tool for preventing (concurrent) man-in-the-middle attacks. Since their invention by Dolev, Dwork, and Naor in 1991, their round-complexity has been extensively studied, leading up to constant-round protocols based on one-way functions (OWFs), and three-round protocols based on sub-exponential OWFs, and standard polynomial-time hardness assumptions such as decisional Diffie--Hellman (DDH) and ZAPs (i.e., two-round witness-indistinguishable proofs). But constructions of two-round, or non-interactive, non-malleable commitments have so far remained elusive; the only known construction relied on a strong and non-falsifiable assumption with a non-malleability flavor. Additionally, a recent result by Pass shows the impossibility of basing two-round non-malleable commitments on falsifiable assumptions using a polynomial-time black-box security reduction. In this work, we show how to overcome this impossibility using super-polynomial-time hardness assumptions. Our main result demonstrates the existence of two-round concurrent non-malleable commitments based on the following four primitives (all with sub-exponential security): (1) non-interactive commitments, (2) ZAPs (i.e., 2-round witness indistinguishable proofs), (3) collision-resistant hash functions, and (4) a “weak” time-lock puzzle. Primitives (1), (2), and (3) can be based on, e.g., the discrete log and the RSA assumption. Time-lock puzzles---puzzles that can be solved by “brute-force” in time $2^t$, but cannot be solved significantly faster even using parallel computers---were proposed by Rivest, Shamir, and Wagner in 1996 and have been extensively studied since. We additionally obtain a non-interactive (i.e., one-message) version of our protocol satisfying concurrent non-malleability w.r.t. uniform attackers and show that our non-malleable commitments satisfy an even stronger notion of chosen commitment attack security.
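Primitive (4) in the abstract, the time-lock puzzle, is the one ingredient a reader may not have seen in code. The following is an added illustration, not code from the paper or its authors: a minimal Rivest-Shamir-Wagner (1996) puzzle in which the generator uses the factorization of an RSA modulus to compute a^(2^T) mod n with a single modular exponentiation, while a solver without the trapdoor must perform T squarings one after another, which is exactly the "cannot be solved significantly faster even using parallel computers" property the abstract relies on. The primes, the XOR-with-hash encryption of the payload and the function names are all constructed for this demo; the toy modulus is far too small to be secure and serves only to make the example run in a moment.

```python
"""Toy Rivest-Shamir-Wagner time-lock puzzle (added example, not from the paper)."""
import hashlib
import math
import secrets

# Constructed demo primes (the 10,000th and 100,000th primes). A real puzzle
# needs an RSA-sized modulus; these only keep the example fast to run.
P_DEMO = 104729
Q_DEMO = 1299709


def _derive_key(s: int, length: int) -> bytes:
    """Expand the puzzle solution s into a keystream with SHA-256 in counter mode."""
    s_bytes = s.to_bytes((s.bit_length() + 7) // 8 or 1, "big")
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(s_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def lock(message: bytes, T: int, p: int = P_DEMO, q: int = Q_DEMO) -> dict:
    """Build a puzzle whose solution is a^(2^T) mod n, and encrypt message under it.

    The generator knows phi(n), so it reduces the exponent 2^T modulo phi(n)
    and finishes with one pow() call: the trapdoor that makes setup cheap.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    while True:
        a = secrets.randbelow(n - 3) + 2  # random base in [2, n-2]
        if math.gcd(a, n) == 1:           # keep a in the multiplicative group
            break
    e = pow(2, T, phi)
    s = pow(a, e, n)                      # fast: a^(2^T) mod n via Euler's theorem
    key = _derive_key(s, len(message))
    ciphertext = bytes(m ^ k for m, k in zip(message, key))
    return {"n": n, "a": a, "T": T, "ciphertext": ciphertext}


def solve(puzzle: dict) -> int:
    """Solve without the trapdoor: T sequential modular squarings.

    Each squaring depends on the previous result, so the work cannot be
    split across parallel processors; wall-clock time grows linearly in T.
    """
    n = puzzle["n"]
    s = puzzle["a"] % n
    for _ in range(puzzle["T"]):
        s = s * s % n
    return s


def unlock(puzzle: dict) -> bytes:
    """Recover the message by solving the puzzle and regenerating the keystream."""
    s = solve(puzzle)
    key = _derive_key(s, len(puzzle["ciphertext"]))
    return bytes(c ^ k for c, k in zip(puzzle["ciphertext"], key))


if __name__ == "__main__":
    puzzle = lock(b"opens after T squarings", T=20000)
    print("solver recovered:", unlock(puzzle))
```

Note that `lock` never performs the T squarings itself; only the party without p and q pays the sequential cost, which is what lets a committer in the paper's setting create a puzzle that an adversary can open only by spending time the reduction can exploit.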


Updated: 2020-01-16