Efficient construction of a fully-equipped UC commitment scheme is a long-standing open problem.
We introduce the notion of all-but-many encryption (ABME), and prove that it is a translation of fully-equipped UC commitment in the primitive level. We propose a compact ABME scheme from the DCR based assumptions and thereby the first fully-equipped UC commitment scheme with optimal expansion factor Omega(1) in communication and computational costs. We also construct a ABME scheme from the DDH assumption with overhead O(k/(logk)). We further present a fully-equipped UC commitment scheme from a weak ABME scheme under the general assumption (where trapdoor permutations exist), which is far more efficient than the previous work under the same assumption.
As a side result, we present an all-but-many lossy trapdoor function (ABM-LTF) from our DCR-based ABME scheme, with a better lossy rate than [Hofheinz: Eurocrypt 2012].Category / Keywords: public-key cryptography / bit commitment, universal composability Date: received 5 Jul 2012, last revised 2 Jun 2014 Contact author: fujisaki eiichiro at lab ntt co jp Available format(s): PDF | BibTeX Citation Note: Added informative explanation. Corrected security proofs, and replaced a DL based candidate with one with short public key. Version: 20140602:060033 (All versions of this report) Discussion forum: Show discussion | Start new discussion