## Cryptology ePrint Archive: Report 2020/1210

Non-Committing Encryption with Constant Ciphertext Expansion from Standard Assumptions

Yusuke Yoshida and Fuyuki Kitagawa and Keita Xagawa and Keisuke Tanaka

Abstract: Non-committing encryption (NCE) introduced by Canetti et al. (STOC '96) is a central tool to achieve multi-party computation protocols secure in the adaptive setting. Recently, Yoshida et al. (ASIACRYPT '19) proposed an NCE scheme based on the hardness of the DDH problem, which has ciphertext expansion $\mathcal{O}(\log\lambda)$ and public-key expansion $\mathcal{O}(\lambda^2)$. In this work, we improve their result and propose a methodology to construct an NCE scheme that achieves constant ciphertext expansion.Our methodology can be instantiated from the DDH assumption and the LWE assumption. When instantiated from the LWE assumption, the public-key expansion is $\lambda\cdot\mathsf{poly}(\log\lambda)$. They are the first NCE schemes satisfying constant ciphertext expansion without using iO or common reference strings. Along the way, we define a weak notion of NCE, which satisfies only weak forms of correctness and security.We show how to amplify such a weak NCE scheme into a full-fledged one using wiretap codes with a new security property.

Category / Keywords: public-key cryptography / Non-Committing Encryption, Wiretap Codes, Learning with Errors

Original Publication (with minor differences): IACR-ASIACRYPT-2020