Non-malleability protects against man-in-the-middle attacks on cryptographic protocols. Non-malleable commitment schemes, for example, assure that a commitment of a message does not help to produce a commitment of a related message. Here we present efficient constructions of such commitment schemes in the common reference string model based on standard assumptions such as RSA, factoring, or discrete logarithm. Our protocols require only three rounds and a few modular exponentiations, and provide statistical or even perfect secrecy of committed values. We also discuss differences between the notions of non-malleable commitment schemes used in previous works by Dolev, Dwork, and Naor and by Di Crescenzo, Ishai, and Ostrovsky. The former definition requires that it is infeasible to find a commitment such that there exists an encapsulated message which is related to another committed value (non-malleability with respect to commitment). The second approach allows the existence of such messages, but then it is hard to find them and to output them in the opening phase (non-malleability with respect to opening). We note that our solutions are of the second type. © 2009 International Association for Cryptologic Research.
Fischlin, M., & Fischlin, R. (2011). Efficient non-malleable commitment schemes. Journal of Cryptology, 24(1), 203–244. https://doi.org/10.1007/s00145-009-9043-4