You are looking at a specific version 20190921:115806 of this paper. See the latest version.

Paper 2019/1065

Subversion-Resistant Commitment Schemes: Definitions and Constructions

Karim Baghery

Abstract

A commitment scheme allows a committer to create a commitment to a secret value, and later may open and reveal the secret value in a verifiable manner. In the common reference string model, commitment schemes require a setup phase which is supposed to be done by a third trusted party or distributed authority. During last few years, various news are reported about subversion of $\textit{trusted}$ setup phase in mass-surveillance activities; strictly speaking about commitment schemes, recently it was discovered that the SwissPost-Scytl mix-net uses a trapdoor commitment scheme, that allows undetectably altering the votes once you know the trapdoor [Hae19, LPT19]. Motivated by such news and recent studies on subversion-resistance of various cryptographic primitives, this research studies security of commitment schemes in the presence of a maliciously chosen public commitment key. To attain a clear understanding of achievable security, we present a variation of current definitions called subversion hiding, subversion equivocality and subversion binding. Then we provide both negative and positive results on constructing subversion-resistant commitment schemes, by showing that some combinations of notions are not compatible, while presenting subversion-resistant constructions that can achieve other combinations.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Keywords
Commitment schemessubversion securitycommon reference string model
Contact author(s)
karim baghery @ ut ee
History
2020-08-17: revised
2019-09-21: received
See all versions
Short URL
https://ia.cr/2019/1065
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.