Katz designed a UC commitment protocol that requires both parties to generate hardware tokens. In addition, his protocol relies on a specific number-theoretic assumption. In this paper, we construct UC commitment protocols for ``David'' and ``Goliath'': we only require a single party (Goliath) to be capable of generating tokens. We construct a version of the protocol that is secure for computationally unbounded parties, and a more efficient version that makes computational assumptions only about David (we require only the existence of a one-way function). Our protocols are simple enough to be performed by hand on David's side.
These properties may allow such protocols to be used in situations which are inherently asymmetric in real-life, especially those involving individuals versus large organizations. Classic examples include voting protocols (voters versus ``the government'') and protocols involving private medical data (patients versus insurance-agencies or hospitals).
Category / Keywords: cryptographic protocols / Universal Composability, Tamper-Proof Hardware Publication Info: Eurocrypt 2008; This is a longer version of the paper Date: received 29 Jan 2008, last revised 31 Jan 2008 Contact author: tal moran at weizmann ac il Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation Version: 20080131:153041 (All versions of this report) Discussion forum: Show discussion | Start new discussion