Paper 2019/1065

Subversion-Resistant Commitment Schemes: Definitions and Constructions

Karim Baghery


A commitment scheme allows a committer to create a commitment to a secret value, and later may open and reveal the secret value in a verifiable manner. In the common reference string model, (equivocal) commitment schemes require a setup phase which is supposed to be done by a third trusted party. Recently, various news is reported about the subversion of $\textit{trusted}$ setup phase in mass-surveillance activities; strictly speaking about commitment schemes, recently it was discovered that the SwissPost-Scytl mix-net uses a trapdoor commitment scheme, that allows undetectably altering the votes and breaking users' privacy, given the trapdoor [Hae19, LPT19]. Motivated by such news and recent studies on subversion-resistance of various cryptographic primitives, this research studies the security of commitment schemes in the presence of a maliciously chosen commitment key. To attain a clear understanding of achievable security, we define a variety of current definitions called subversion hiding, subversion equivocality, and subversion binding. Then we provide both negative and positive results on constructing subversion-resistant commitment schemes, by showing that some combinations of notions are not compatible while presenting subversion-resistant constructions that can achieve other combinations.

Note: This is the full version of the paper published in Security and Trust Management 2020.

Available format(s)
Publication info
Published elsewhere. MINOR revision.The 16th International Workshop on Security and Trust Management
Commitment schemessubversion securityreducing trustCRS model
Contact author(s)
karim baghery @ ut ee
baghery karim @ gmail com
2020-08-17: revised
2019-09-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Karim Baghery},
      title = {Subversion-Resistant Commitment Schemes: Definitions and Constructions},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1065},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.