|  | Chinese Journal of Computers Full Text |
| Title | Universally Composable Mercurial Commitment Scheme |
| Authors | XU Hai-Xia LI Hong-Da LI Bao |
| Address | (State Key Laboratory of Information Security, Graduate University of Chinese Academy of Sciences, Beijing 100049) |
| Year | 2008 |
| Issue | No.9(1653-1660) |
| Abstract & Background | Abstract A mercurial commitment scheme is an interesting variation of a regular commitment scheme, extended to allow for a soft decommit stage. The soft decommitments are not binding but cannot conflict with the true decommitments. The original application of mercurial commitments is the construction of zero-knowledge sets. The universally composable framework initiated by Canetti is very useful because it ensures stronger security properties such as concurrent security, adaptive security, non-malleability, etc. This paper proposes a universally composable mercurial commitment scheme and proves its security in the common reference string (CRS) model. On the one hand, this deepens the research on mercurial commitment schemes; on the other hand, the result answers an open problem presented by Gennaro and Micali. Keywords universally composable; mercurial commitment Background This work is supported by the National Natural Science Foundation of China under grant No.60673073, the National High Technology Research and Development Program (863 Program) of China under Grant No.2006AA01Z427, the National Basic Research Program of China (973 Program) under grant Nos.2007CB311201, 2007CB311202 and the Foundation of Graduate University of Chinese Academy of Sciences (065001G). The commitment scheme is one of the most important primitives in cryptography. A commitment scheme must be hiding and binding. Mercurial commitments, proposed by Chase et al., are an interesting variation of regular commitments. Compared to conventional commitment schemes, mercurial commitment schemes admit a relaxation of the binding property. Mercurial commitments change the regular open phase into a two-stage opening protocol. One is the soft-open stage, which is not binding but cannot conflict with the true decommitment. The other is the hard-open stage, which is the same as the open stage in a usual commitment scheme.
The universal composability framework, presented by Canetti, inherits the ideal-process vs. real-world method initiated by Goldreich et al., but ensures stronger security properties such as concurrent composition, adaptive security, non-malleability, etc. In this paper, the authors present a universally composable mercurial commitment scheme based on the assumed existence of claw-free trapdoor permutations and an encryption scheme that is semantically secure under adaptive chosen-ciphertext attacks. The authors show that their scheme securely realizes an ideal mercurial commitment functionality in the common reference string (CRS) model. |