Paper 2009/513

On the round complexity of black-box constructions of commitments secure against selective opening attacks

David Xiao

Abstract

Selective opening attacks against commitment schemes occur when the commitment scheme is repeated in parallel and an adversary can choose depending on the commit-phase transcript to see the values and openings to some subset of the committed bits. Commitments are secure under such attacks if one can prove that the remaining, unopened commitments stay secret. We prove the following black-box constructions and black-box lower bounds for commitments secure against selective opening attacks for parallel composition: 1. $3$ (resp. $4$) rounds are necessary to build computationally (resp. statistically) binding and computationally hiding commitments. 2. There is a black-box construction of $(t+3)$-round statistically binding commitments secure against selective opening attacks based on $t$-round stand-alone statistically hiding commitments. 3. $O(1)$-round statistically-hiding commitments are equivalent to $O(1)$-round statistically-binding commitments. Our lower bounds improve upon the parameters obtained by the impossibility results of Bellare \etal{} (EUROCRYPT '09), and are proved in a fundamentally different way, by observing that essentially all known impossibility results for black-box zero-knowledge can also be applied to the case of commitments secure against selective opening attacks.

Note: Ostrovsky et al. (ePrint report 2011/536) discovered several errors in the original manuscript. This revision takes into account these errors.