Improved Non-Committing Encryption Schemes based on a General Complexity
Assumption
Ivan B. Damgård
March 2000 |
Abstract:
Non-committing encryption enables the construction of
multiparty computation protocols secure against an adaptive adversary
in the computational setting where private channels between players are not
assumed. While any non-committing encryption scheme must be secure in the
ordinary semantic sense, the converse is not necessarily true. We propose a
construction of non-committing encryption that can be based on any public key
system which is secure in the ordinary sense and which has an extra property
we call simulatability. The construction contains an earlier proposed
scheme by Beaver based on the Diffie-Hellman problem as a special case, and
we propose another implementation based on RSA. In a more general setting,
our construction can be based on any collection of trapdoor one-way
permutations with a certain simulatability property. This offers a
considerable efficiency improvement over the first non-committing encryption
scheme proposed by Canetti et al. Finally, at some loss of efficiency, our
scheme can be based on general collections of trapdoor one-way permutations
without the simulatability assumption, and without the common domain
assumption of Canetti et al.
Available as PostScript, PDF, DVI. |