<p>We present and compare definitions of the notion of "statistically<br />hiding" protocols, and we propose a novel statistically hiding commitment<br />scheme. Informally, a protocol statistically hides a secret if a<br />computationally unlimited adversary who conducts the protocol with<br />the owner of the secret learns almost nothing about it. One definition<br />is based on the L1-norm distance between probability distributions,<br />the other on information theory. We prove that the two definitions are<br />essentially equivalent. For completeness, we also show that statistical<br />counterparts of definitions of computational secrecy are essentially<br />equivalent to our main definitions. Commitment schemes are an important<br /> cryptologic primitive. Their purpose is to commit one party to a certain value,<br /> while hiding this value from the other party until some later time.<br /> We present a statistically<br />hiding commitment scheme allowing commitment to many<br />bits. The commitment and reveal protocols of this scheme are constant<br />round, and the size of a commitment is independent of the number of<br />bits committed to. This also holds for the total communication complexity,<br />except of course for the bits needed to send the secret when it<br />is revealed. The proof of the hiding property exploits the equivalence<br />of the two definitions.</p><p>Index terms -- Cryptology, Shannon theory, unconditional security,<br />statistically hiding, multi-bit commitment, similarity of ensembles<br />of distributions, zero-knowledge, protocols.</p><p> </p>
Summoning, No-Signalling and Relativistic Bit Commitments
