On the existence of statistically hiding bit commitment schemes and fail-stop signatures

Abstract

We show that the existence of a statistically hiding bit commitment scheme with noninteractive opening and public verifiability implies the existence of fail-stop signatures. Therefore such signatures can now be based on any one-way permutation. We also show that genuinely practical fail-stop signatures follow from the existence of any collision-intractable hash function. These are the weakest assumptions known to be sufficient for fail-stop signatures. Conversely, we show that any fail-stop signature scheme with a property we call the almost unique secret key property can be transformed into a statistically hiding bit commitment scheme. All previously known fail-stop signature schemes have this property. We even obtain an equivalence, because we can modify the construction of fail-stop signatures from bit commitments such that it has this property. © 1997 International Association for Cryptologic Research.