TY - GEN
T1 - An algebraic approach to non-malleability
AU - Goyal, Vipul
AU - Richelson, Silas
AU - Rosen, Alon
AU - Vald, Margarita
N1 - Publisher Copyright:
© 2014 IEEE.
PY - 2014/12/7
Y1 - 2014/12/7
N2 - In their seminal work on non-malleable cryptography, Dolev, Dwork and Naor, showed how to construct a non-malleable commitment with logarithmically-many 'rounds'/'slots', the idea being that any adversary may successfully maul in some slots but would fail in at least one. Since then new ideas have been introduced, ultimately resulting in constant-round protocols based on any one-way function. Yet, in spite of this remarkable progress, each of the known constructions of non-malleable commitments leaves something to be desired. In this paper we propose a new technique that allows us to construct a non-malleable protocol with only a single 'slot', and to improve in at least one aspect over each of the previously proposed protocols. Two direct byproducts of our new ideas are a four round non-malleable commitment and a four round non-malleable zero-knowledge argument, the latter matching the round complexity of the best known zero-knowledge argument (without the non-malleability requirement). The protocols are based on the existence of one-way functions and admit very efficient instantiations via standard homomorphic commitments and sigma protocols. Our analysis relies on algebraic reasoning, and makes use of error correcting codes in order to ensure that committers' tags differ in many coordinates. One way of viewing our construction is as a method for combining many atomic sub-protocols in a way that simultaneously amplifies soundness and non-malleability, thus requiring much weaker guarantees to begin with, and resulting in a protocol which is much trimmer in complexity compared to the existing ones.
AB - In their seminal work on non-malleable cryptography, Dolev, Dwork and Naor, showed how to construct a non-malleable commitment with logarithmically-many 'rounds'/'slots', the idea being that any adversary may successfully maul in some slots but would fail in at least one. Since then new ideas have been introduced, ultimately resulting in constant-round protocols based on any one-way function. Yet, in spite of this remarkable progress, each of the known constructions of non-malleable commitments leaves something to be desired. In this paper we propose a new technique that allows us to construct a non-malleable protocol with only a single 'slot', and to improve in at least one aspect over each of the previously proposed protocols. Two direct byproducts of our new ideas are a four round non-malleable commitment and a four round non-malleable zero-knowledge argument, the latter matching the round complexity of the best known zero-knowledge argument (without the non-malleability requirement). The protocols are based on the existence of one-way functions and admit very efficient instantiations via standard homomorphic commitments and sigma protocols. Our analysis relies on algebraic reasoning, and makes use of error correcting codes in order to ensure that committers' tags differ in many coordinates. One way of viewing our construction is as a method for combining many atomic sub-protocols in a way that simultaneously amplifies soundness and non-malleability, thus requiring much weaker guarantees to begin with, and resulting in a protocol which is much trimmer in complexity compared to the existing ones.
KW - commitments
KW - non-malleability
KW - zero-knowledge
UR - http://www.scopus.com/inward/record.url?scp=84920054789&partnerID=8YFLogxK
U2 - 10.1109/FOCS.2014.13
DO - 10.1109/FOCS.2014.13
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84920054789
T3 - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
SP - 41
EP - 50
BT - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
PB - IEEE Computer Society
T2 - 55th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2014
Y2 - 18 October 2014 through 21 October 2014
ER -