Paper 2019/201

DL-Extractable UC-Commitment Schemes

Behzad Abdolmaleki, Karim Baghery, Helger Lipmaa, Janno Siim, and Michał Zając


We define a new UC functionality (DL-extractable commitment scheme) that allows committer to open a commitment to a group element $g^x$; however, the simulator will be able to extract its discrete logarithm $x$. Such functionality is useful in situations where the secrecy of $x$ is important since the knowledge of $x$ enables to break privacy while the simulator needs to know $x$ to be able to simulate the corrupted committer. Based on Fujisaki's UC-secure commitment scheme and the Damgård-Fujisaki integer commitment scheme, we propose an efficient commitment scheme that realizes the new functionality. As another novelty, we construct the new scheme in the weaker RPK (registered public key) model instead of the CRS model used by Fujisaki.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
CRS modelextractable commitmentRPK modeluniversal composabilityUC commitment
Contact author(s)
behzad abdolmaleki @ ut ee
karim baghery @ ut ee
helger lipmaa @ ut ee
janno siim @ ut ee
m zajac @ mimuw edu pl
2019-02-27: received
Short URL
Creative Commons Attribution


      author = {Behzad Abdolmaleki and Karim Baghery and Helger Lipmaa and Janno Siim and Michał Zając},
      title = {DL-Extractable UC-Commitment Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2019/201},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.