Paper 2012/379

All-But-Many Encryptions: A New Framework for Fully-Equipped UC Commitments

Eiichiro Fujisaki

Abstract

We present a general framework for constructing non-interactive universally composable (UC) commitment schemes that are secure against adaptive adversaries in the non-erasure model under a re-usable common reference string. Previously, such ``fully-equipped'' UC commitment schemes have been known only in [Canetti-Fischlin: CRYPTO 2001] and [CLOS: STOC2002], with a strict overhead of O(k); meaning that to commit n bits, the communication and computational costs strictly require O(nk), where k denotes the security parameter. Efficient construction of a fully-equipped UC commitment scheme is a long-standing open problem. We introduce the notion of all-but-many encryption (ABME), and prove that it is a translation of fully-equipped UC commitment in the primitive level. We propose a compact ABME scheme from the DCR based assumptions and thereby the first fully-equipped UC commitment scheme with optimal expansion factor Omega(1) in communication and computational costs. We also construct a ABME scheme from the DDH assumption with overhead O(k/(logk)). We further present a fully-equipped UC commitment scheme from a weak ABME scheme under the general assumption (where trapdoor permutations exist), which is far more efficient than the previous work under the same assumption. As a side result, we present an all-but-many lossy trapdoor function (ABM-LTF) from our DCR-based ABME scheme, with a better lossy rate than [Hofheinz: Eurocrypt 2012].

Note: Added informative explanation. Corrected security proofs, and replaced a DL based candidate with one with short public key.