Subversion-Resistant Commitment Schemes: Definitions and Constructions

We analyze the situation where computationally binding string commitment schemes are used to force the receiver of a BB84 encoding of a classical bitstring to measure upon reception. Since measuring induces an irreversible collapse to the received quantum state, even given extra information after the measurement does not allow the receiver to evaluate reliably some predicates apply to the classical bits encoded in the state. This fundamental quantum primitive is called quantum measure commitment (QMC) and allows for secure two-party computation of classical functions. An adversary to QMC is one that can both provide valid proof of having measured the received states while still able to evaluate a predicate applied to the classical content of the encoding. We give the first quantum black-box reduction for the security of QMC to the binding property of the string commitment. We characterize a class of quantum adversaries against QMC that can be transformed into adversaries against a weak form for the binding property of the string commitment. Our result provides a construction for 1--2-oblivious transfer that is computationally secure against the receiver and unconditionally secure against the sender from any string commitment scheme satisfying a weak binding property.

Download Full-text

An Approach to the Construction of a Recursive Argument of Polynomial Evaluation in the Discrete Log Setting

Electronics ◽

10.3390/electronics11010131 ◽

2022 ◽

Vol 11 (1) ◽

pp. 131

Author(s):

Sungwook Kim

Keyword(s):

Class Group ◽

Building Blocks ◽

Security Requirements ◽

Ideal Class ◽

Ideal Class Group ◽

Imaginary Quadratic Fields ◽

Polynomial Evaluation ◽

Commitment Scheme ◽

Commitment Schemes ◽

Cryptographic Assumptions

Succinct Non-interactive Arguments of Knowledge (SNARks) are receiving a lot of attention as a core privacy-enhancing technology for blockchain applications. Polynomial commitment schemes are important building blocks for the construction of SNARks. Polynomial commitment schemes enable the prover to commit to a secret polynomial of the prover and convince the verifier that the evaluation of the committed polynomial is correct at a public point later. Bünz et al. recently presented a novel polynomial commitment scheme with no trusted setup in Eurocrypt’20. To provide a transparent setup, their scheme is built over an ideal class group of imaginary quadratic fields (or briefly, class group). However, cryptographic assumptions on a class group are relatively new and have, thus far, not been well-analyzed. In this paper, we study an approach to transpose Bünz et al.’s techniques in the discrete log setting because the discrete log setting brings a significant improvement in efficiency and security compared to class groups. We show that the transposition to the discrete log setting can be obtained by employing a proof system for the equality of discrete logarithms over multiple bases. Theoretical analysis shows that the transposition preserves security requirements for a polynomial commitment scheme.

Download Full-text