Cryptology ePrint Archive: Report 2013/108
Unconditionally Secure and Universally Composable Commitments from Physical Assumptions
Ivan Damgard and Alessandra Scafuro
Abstract: We present a constant-round unconditional black-box compiler that transforms any ideal (i.e., statistically-hiding and statistically-binding) straight-line extractable commitment scheme, into an extractable and equivocal commitment scheme, therefore yielding to UC-security . We exemplify the usefulness of our compiler by providing two (constant-round) instantiations of ideal straight-line extractable commitment based on (malicious) PUFs  and stateless tamper-proof hardware tokens , therefore achieving the first unconditionally UC-secure commitment with malicious PUFs and stateless tokens, respectively. Our constructions are secure for adversaries creating arbitrarily malicious stateful PUFs/tokens.
Previous results with malicious PUFs used either computational assumptions to achieve UC- secure commitments or were unconditionally secure but only in the indistinguishability sense . Similarly, with stateless tokens, UC-secure commitments are known only under computational assumptions [13, 24, 15], while the (not UC) unconditional commitment scheme of  is secure only in a weaker model in which the adversary is not allowed to create stateful tokens.
Besides allowing us to prove feasibility of unconditional UC-security with (malicious) PUFs and stateless tokens, our compiler can be instantiated with any ideal straight-line extractable commitment scheme, thus allowing the use of various setup assumptions which may better fit the application or the technology available.
Category / Keywords: foundations / UC, hardware assumptions, unconditional security, commitment scheme
Original Publication (with minor differences): IACR-ASIACRYPT-2013
Date: received 24 Feb 2013, last revised 3 Mar 2015
Contact author: alescafu at gmail com
Available format(s): PDF | BibTeX Citation
Note: Updated related work.
Version: 20150303:225245 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]