Paper 2020/1210

Non-Committing Encryption with Constant Ciphertext Expansion from Standard Assumptions

Yusuke Yoshida, Fuyuki Kitagawa, Keita Xagawa, and Keisuke Tanaka


Non-committing encryption (NCE) introduced by Canetti et al. (STOC '96) is a central tool to achieve multi-party computation protocols secure in the adaptive setting. Recently, Yoshida et al. (ASIACRYPT '19) proposed an NCE scheme based on the hardness of the DDH problem, which has ciphertext expansion $\mathcal{O}(\log\lambda)$ and public-key expansion $\mathcal{O}(\lambda^2)$. In this work, we improve their result and propose a methodology to construct an NCE scheme that achieves constant ciphertext expansion.Our methodology can be instantiated from the DDH assumption and the LWE assumption. When instantiated from the LWE assumption, the public-key expansion is $\lambda\cdot\mathsf{poly}(\log\lambda)$. They are the first NCE schemes satisfying constant ciphertext expansion without using iO or common reference strings. Along the way, we define a weak notion of NCE, which satisfies only weak forms of correctness and security.We show how to amplify such a weak NCE scheme into a full-fledged one using wiretap codes with a new security property.

Available format(s)
Public-key cryptography
Publication info
A minor revision of an IACR publication in ASIACRYPT 2020
Non-Committing EncryptionWiretap CodesLearning with Errors
Contact author(s)
yoshida y aw @ m titech ac jp
fuyuki kitagawa yh @ hco ntt co jp
keita xagawa zv @ hco ntt co jp
keisuke @ is titech ac jp
2020-10-06: received
Short URL
Creative Commons Attribution


      author = {Yusuke Yoshida and Fuyuki Kitagawa and Keita Xagawa and Keisuke Tanaka},
      title = {Non-Committing Encryption with Constant Ciphertext Expansion from Standard Assumptions},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1210},
      year = {2020},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.