## Cryptology ePrint Archive: Report 2019/201

DL-Extractable UC-Commitment Schemes

Behzad Abdolmaleki and Karim Baghery and Helger Lipmaa and Janno Siim and Michał Zając

Abstract: We define a new UC functionality (DL-extractable commitment scheme) that allows committer to open a commitment to a group element $g^x$; however, the simulator will be able to extract its discrete logarithm $x$. Such functionality is useful in situations where the secrecy of $x$ is important since the knowledge of $x$ enables to break privacy while the simulator needs to know $x$ to be able to simulate the corrupted committer. Based on Fujisaki's UC-secure commitment scheme and the Damgård-Fujisaki integer commitment scheme, we propose an efficient commitment scheme that realizes the new functionality. As another novelty, we construct the new scheme in the weaker RPK (registered public key) model instead of the CRS model used by Fujisaki.

Category / Keywords: cryptographic protocols / CRS model, extractable commitment, RPK model, universal composability, UC commitment