Cryptology ePrint Archive: Report 2015/501

Multi-Prover Commitments Against Non-Signaling Attacks

Serge Fehr and Max Fillinger

Abstract: We reconsider the concept of two-prover (and more generally: multi-prover) commitments, as introduced in the late eighties in the seminal work by Ben-Or et al. As was recently shown by Crépeau et al., the security of known two-prover commitment schemes not only relies on the explicit assumption that the two provers cannot communicate, but also depends on what their information processing capabilities are. For instance, there exist schemes that are secure against classical provers but insecure if the provers have quantum information processing capabilities, and there are schemes that resist such quantum attacks but become insecure when considering general so-called non-signaling provers, which are restricted solely by the requirement that no communication takes place.

This poses the natural question whether there exists a two-prover commitment scheme that is secure under the sole assumption that no communication takes place, and that does not rely on any further restriction of the information processing capabilities of the dishonest provers; no such scheme is known.

In this work, we give strong evidence for a negative answer: we show that any single-round two-prover commitment scheme can be broken by a non-signaling attack. Our negative result is as bad as it can get: for any candidate scheme that is (almost) perfectly hiding, there exists a strategy that allows the dishonest provers to open a commitment to an arbitrary bit (almost) as successfully as the honest provers can open an honestly prepared commitment, i.e., with probability (almost) $1$ in case of a perfectly sound scheme. In the case of multi-round schemes, our impossibility result is restricted to perfectly hiding schemes.

On the positive side, we show that the impossibility result can be circumvented by considering {\em three} provers instead: there exists a three-prover commitment scheme that is secure against arbitrary non-signaling attacks.

Category / Keywords: foundations / bit commitment, non-signaling, multi-prover

Original Publication (with minor differences): IACR-CRYPTO-2015

Date: received 26 May 2015, last revised 4 Jun 2015

Contact author: Max Fillinger at cwi nl

Available format(s): PDF | BibTeX Citation

Version: 20150604:094455 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]