TY - GEN
T1 - Fast non-malleable commitments
AU - Brenner, Hai
AU - Goyal, Vipul
AU - Richelson, Silas
AU - Rosen, Alon
AU - Vald, Margarita
N1 - Publisher Copyright: © 2015 ACM.
PY - 2015/10/12
Y1 - 2015/10/12
N2 - The notion of non-malleability in cryptography refers to the setting where the adversary is a man-in-the-middle (MIM) who takes part in two or more protocol executions and tries to use information obtained in one, to violate the security of another. Despite two decades of research, non-malleable commitments (NMCs) have remained too inefficient to be implemented in practice, without some sort of trusted setup. In this work, we give a fast implementation of NMC in the plain model, based on the DDH assumption being hard over elliptic curve groups. Our main theoretical result is a new NMC scheme which can be thought of as a "high dimensional" generalization of the one in the recent work of [GRRV14]. Central to our efficiency improvements is a method of constraining challenges sent by the receiver. This new approach enables us to obtain dramatically improved parameters over those suggested in [GRRV14]. In particular, our work opens the door to implementations based on Elliptic Curves. Our prototype implementation gives evidence of our protocol's efficiency. Additionally, like the Elgamal commitment it is built on top of, our scheme allows for homomorphic operations on committed values, and is amenable to fast Schnorr proofs of knowledge. Thus, it will work well when used as a building block inside larger cryptographic protocols. As an example of its performance, our protocol allows a committer to commit to a 1.9-KB message using a scheme supporting 2^20 identities in less than one second.
AB - The notion of non-malleability in cryptography refers to the setting where the adversary is a man-in-the-middle (MIM) who takes part in two or more protocol executions and tries to use information obtained in one, to violate the security of another. Despite two decades of research, non-malleable commitments (NMCs) have remained too inefficient to be implemented in practice, without some sort of trusted setup. In this work, we give a fast implementation of NMC in the plain model, based on the DDH assumption being hard over elliptic curve groups. Our main theoretical result is a new NMC scheme which can be thought of as a "high dimensional" generalization of the one in the recent work of [GRRV14]. Central to our efficiency improvements is a method of constraining challenges sent by the receiver. This new approach enables us to obtain dramatically improved parameters over those suggested in [GRRV14]. In particular, our work opens the door to implementations based on Elliptic Curves. Our prototype implementation gives evidence of our protocol's efficiency. Additionally, like the Elgamal commitment it is built on top of, our scheme allows for homomorphic operations on committed values, and is amenable to fast Schnorr proofs of knowledge. Thus, it will work well when used as a building block inside larger cryptographic protocols. As an example of its performance, our protocol allows a committer to commit to a 1.9-KB message using a scheme supporting 2^20 identities in less than one second.
KW - Elliptic curve cryptography
KW - Non-malleable commitments
KW - Practical implementation
KW - Protocols
UR - http://www.scopus.com/inward/record.url?scp=84954141931&partnerID=8YFLogxK
U2 - 10.1145/2810103.2813721
DO - 10.1145/2810103.2813721
M3 - Conference contribution
AN - SCOPUS:84954141931
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1048
EP - 1057
BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Y2 - 12 October 2015 through 16 October 2015
ER -