Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing

@inproceedings{Halevi1996PracticalAP,
  title={Practical and Provably-Secure Commitment Schemes from Collision-Free Hashing},
  author={Shai Halevi and Silvio Micali},
  booktitle={CRYPTO},
  year={1996}
}
We present a very practical string-commitment scheme which is provably based solely on collision-free hashing. [...] Key Result: Our result also proves that constant-round statistical zero-knowledge arguments and constant-round computational zero-knowledge proofs for NP exist based on the existence of collision-free hash functions.
Sufficient Conditions for Collision-Resistant Hashing
TLDR
Several new constructions of collision-resistant hash-functions (CRHFs) from general assumptions are presented, including constructions from two other primitives that are implied by homomorphic-encryption: one-round private information retrieval (PIR) protocols and homomorphic one-way commitments.
Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a
We present a new and very simple commitment scheme that does not depend on any assumptions about computational complexity; the Sender and Receiver may both be computationally unbounded. Instead, the ...
A NON-REPUDIABLE BIASED BITSTRING COMMITMENT SCHEME ON A POST QUANTUM CRYPTOSYSTEM
Commitment schemes are fundamental bricks for guaranteeing fairness in upper level cryptographic protocols. Most commitment schemes in the literature rely on hash functions, which should be strongly ...
Statistically-hiding commitment from any one-way function
We give a construction of statistically-hiding commitment schemes (ones where the hiding property holds information theoretically), based on the minimal cryptographic assumption that one-way functions ...
Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Truste
TLDR
A new and very simple commitment scheme that does not depend on any assumptions about computational complexity and is easily handled in the same model using a simple OT protocol due to Bennett et al.
Unconditionally Secure Commitment and Oblivious Transfer Schemes Using Private Channels and a Trusted Initializer
We present a new and very simple commitment scheme that does not depend on any assumptions about computational complexity; the Sender and Receiver may both be computationally unbounded. Instead, the ...
A NON-REPUDIABLE BIASED BITSTRING COMMITMENT SCHEME ON A POSTQUANTUM CRYPTOSYSTEM USING NON-ABELIAN GROUP
TLDR
This work presents a commitment scheme, which avoids hash functions by using a public-key cryptosystem based on braid root problem instead, and which is strongly collision free.
String commitment scheme with low output locality
TLDR
This paper constructs a commitment scheme having low output locality from a modified lattice-based hash function for the first time and proves that the scheme satisfies the binding property and the hiding property.
On the Complexity of Collision Resistant Hash Functions: New and Old Black-Box Separations
TLDR
Black-box separations demonstrate that constructions from one-way functions are unlikely, and theoretical constructions of collision-resistant hash functions are based on rather structured assumptions.
Constructions and Bounds for Unconditionally Secure Non-Interactive Commitment Schemes
TLDR
This paper presents a formal mathematical model for unconditionally secure non-interactive commitment schemes with a trusted initializer and analyzes their binding and concealing properties, and shows that such schemes cannot be perfectly binding.

References

SHOWING 1-10 OF 26 REFERENCES
Cryptographically Strong Undeniable Signatures, Unconditionally Secure for the Signer
We present the first undeniable signature schemes where signers are unconditionally secure. In the efficient variants, the security for the recipients relies on a discrete logarithm assumption or on ...
Efficient Commitment Schemes with Bounded Sender and Unbounded Receiver
  • S. Halevi
  • Mathematics, Computer Science
  • CRYPTO
  • 1995
TLDR
The problem of commitment schemes where the sender is bounded to polynomial time and the receiver may be all powerful is addressed and a scheme for committing to a (possibly long) string is presented.
Universal one-way hash functions and their cryptographic applications
TLDR
A Universal One-Way Hash Function family is defined, a new primitive which enables the compression of elements in the function domain and it is proved constructively that universal one-way hash functions exist if any 1-1 one-way functions exist.
On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures
We show that the existence of a statistically hiding bit commitment scheme with non-interactive opening and public verification implies the existence of fail-stop signatures. Therefore such ...
Bit Commitment Using Pseudo-Randomness
We show how a pseudo-random generator can provide a bit commitment protocol. We also analyze the number of bits communicated when parties commit to many bits simultaneously, and show that the ...
Direct Minimum-Knowledge Computations
TLDR
A protocol scheme which directly simulates any given computation, defined on any computational device, in a minimum-knowledge fashion, and a scheme for simulation of computation in dual (perfect) minimum-knowledge fashion are presented.
A Remark on a Signature Scheme Where Forgery Can Be Proved
A new type of signature scheme, a signature scheme where forgery by an unexpectedly powerful attacker is provable, was suggested in [11]: if the signature of an honest participant Alice is forged, ...
A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks
TLDR
A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Perfect zero-knowledge arguments for NP can be based on general complexity assumptions
"Zero-knowledge arguments" is a fundamental cryptographic primitive which allows one polynomial-time player to convince another polynomial-time player of the validity of an NP statement, without ...
Perfect Zero-Knowledge Arguments for NP Can Be Based on General Complexity Assumptions (Extended Abstract)
TLDR
A general construction of zero-knowledge arguments, which can be based on any one-way permutation, is shown, which is efficient both players can execute only polynomial-time programs during the protocol and the security achieved is on-line.