Improved Non-committing Encryption with Applications to Adaptively Secure Protocols

TitleImproved Non-committing Encryption with Applications to Adaptively Secure Protocols
Publication TypeBook Chapters
Year of Publication2009
AuthorsChoi SGeol, Dachman-Soled D, Malkin T, Wee H
EditorMatsui M
Book TitleAdvances in Cryptology – ASIACRYPT 2009
Series TitleLecture Notes in Computer Science
Pagination287 - 302
PublisherSpringer Berlin Heidelberg
ISBN Number978-3-642-10365-0, 978-3-642-10366-7
Keywordsadaptive corruption, Algorithm Analysis and Problem Complexity, Applications of Mathematics, Data Encryption, Data Structures, Cryptology and Information Theory, Discrete Mathematics in Computer Science, non-committing encryption, public-key encryption, secure multi-party computation, Systems and Data Security

We present a new construction of non-committing encryption schemes. Unlike the previous constructions of Canetti et al. (STOC ’96) and of Damgård and Nielsen (Crypto ’00), our construction achieves all of the following properties: Optimal round complexity. Our encryption scheme is a 2-round protocol, matching the round complexity of Canetti et al. and improving upon that in Damgård and Nielsen. Weaker assumptions. Our construction is based on trapdoor simulatable cryptosystems, a new primitive that we introduce as a relaxation of those used in previous works. We also show how to realize this primitive based on hardness of factoring. Improved efficiency. The amortized complexity of encrypting a single bit is O(1) public key operations on a constant-sized plaintext in the underlying cryptosystem. As a result, we obtain the first non-committing public-key encryption schemes under hardness of factoring and worst-case lattice assumptions; previously, such schemes were only known under the CDH and RSA assumptions. Combined with existing work on secure multi-party computation, we obtain protocols for multi-party computation secure against a malicious adversary that may adaptively corrupt an arbitrary number of parties under weaker assumptions than were previously known. Specifically, we obtain the first adaptively secure multi-party protocols based on hardness of factoring in both the stand-alone setting and the UC setting with a common reference string.