Cryptology ePrint Archive: Report 2001/055

Universally Composable Commitments

Ran Canetti and Marc Fischlin

Abstract: We propose a new security measure for commitment protocols, called /universally composable/ (UC) Commitment. The measure guarantees that commitment protocols behave like an "ideal commitment service," even when concurrently composed with an arbitrary set of protocols. This is a strong guarantee: it implies that security is maintained even when an unbounded number of copies of the scheme are running concurrently, it implies non-malleability (not only with respect to other copies of the same protocol but even with respect to other protocols), it provides resilience to selective decommitment, and more.

Unfortunately two-party UC commitment protocols do not exist in the plain model. However, we construct two-party UC commitment protocols, based on general complexity assumptions, in the /common reference string model/ where all parties have access to a common string taken from a predetermined distribution. The protocols are non-interactive, in the sense that both the commitment and the opening phases consist of a single message from the committer to the receiver.

Category / Keywords: foundations / commitment schemes, concurrent composition,

Publication Info: extended abstract appears in Proceedings of Crypto 2001

Date: received 10 Jul 2001

Contact author: marc at mi informatik uni-frankfurt de

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20010710:161305 (All versions of this report)

Short URL: ia.cr/2001/055

Discussion forum: Show discussion | Start new discussion