TY - GEN
T1 - Optimal-rate non-committing encryption
AU - Canetti, Ran
AU - Poburinnaya, Oxana
AU - Raykova, Mariana
N1 - Publisher Copyright:
© International Association for Cryptologic Research 2017.
PY - 2017
Y1 - 2017
N2 - Non-committing encryption (NCE) was introduced in order to implement secure channels under adaptive corruptions in situations when data erasures are not trustworthy. In this paper we are interested in the rate of NCE, i.e. in how many bits the sender and receiver need to send per plaintext bit. In initial constructions the length of both the receiver message, namely the public key, and the sender message, namely the ciphertext, is m·poly(λ) for an m-bit message, where λ is the security parameter. Subsequent work improve efficiency significantly, achieving rate poly log(λ). We show the first construction of a constant-rate NCE. In fact, our scheme has rate 1+o(1), which is comparable to the rate of plain semantically secure encryption. Our scheme operates in the common reference string (CRS) model. Our CRS has size poly(m·λ), but it is reusable for an arbitrary polynomial number of m-bit messages. In addition, ours is the first NCE construction with perfect correctness. We assume one way functions and indistinguishability obfuscation for circuits.
AB - Non-committing encryption (NCE) was introduced in order to implement secure channels under adaptive corruptions in situations when data erasures are not trustworthy. In this paper we are interested in the rate of NCE, i.e. in how many bits the sender and receiver need to send per plaintext bit. In initial constructions the length of both the receiver message, namely the public key, and the sender message, namely the ciphertext, is m·poly(λ) for an m-bit message, where λ is the security parameter. Subsequent work improve efficiency significantly, achieving rate poly log(λ). We show the first construction of a constant-rate NCE. In fact, our scheme has rate 1+o(1), which is comparable to the rate of plain semantically secure encryption. Our scheme operates in the common reference string (CRS) model. Our CRS has size poly(m·λ), but it is reusable for an arbitrary polynomial number of m-bit messages. In addition, ours is the first NCE construction with perfect correctness. We assume one way functions and indistinguishability obfuscation for circuits.
KW - Adaptive security
KW - Non-committing encryption
UR - http://www.scopus.com/inward/record.url?scp=85037862143&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-70700-6_8
DO - 10.1007/978-3-319-70700-6_8
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:85037862143
SN - 9783319706993
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 212
EP - 241
BT - Advances in Cryptology – ASIACRYPT 2017 - 23rd International Conference on the Theory and Applications of Cryptology and Information Security, Proceedings
A2 - Takagi, Tsuyoshi
A2 - Peyrin, Thomas
PB - Springer Verlag
T2 - 23rd Annual International Conference on Theory and Application of Cryptology and Information Security, ASIACRYPT 2017
Y2 - 3 December 2017 through 7 December 2017
ER -