On the Complexity of UC Commitments Conference Paper

abstract

• Motivated by applications to secure multiparty computation, we study the complexity of realizing universally composable (UC) commitments. Several recent works obtain practical UC commitment protocols in the common reference string (CRS) model under the DDH assumption. These protocols have two main disadvantages. First, even when applied to long messages, they can only achieve a small constant rate (namely, the communication complexity is larger than the length of the message by a large constant factor). Second, they require computationally expensive public-key operations for each block of each message being committed. Our main positive result is a UC commitment protocol that simultaneously avoids both of these limitations. It achieves an optimal rate of 1 (strictly speaking, 1 - o(1)) by making only few calls to an ideal oblivious transfer (OT) oracle and additionally making a black-box use of a (computationally inexpensive) PRG. By plugging in known efficient protocols for UC-secure OT, we get rate-1, computationally efficient UC commitment protocols under a variety of setup assumptions (including the CRS model) and under a variety of standard cryptographic assumptions (including DDH). We are not aware of any previous UC commitment protocols that achieve an optimal asymptotic rate. A corollary of our technique is a rate-1 construction for UC commitment length extension, that is, a UC commitment protocol for a long message using a single ideal commitment for a short message. The extension protocol additionally requires the use of a semi-honest (stand-alone) OT protocol. This raises a natural question: can we achieve UC commitment length extension while using only inexpensive PRG operations as is the case for stand-alone commitments and UC OT? We answer this question in the negative, showing that the existence of a semi-honest OT protocol is necessary (and sufficient) for UC commitment length extension. This shows, quite surprisingly, that UC commitments are qualitatively different from both stand-alone commitments and UC OT. 2014 International Association for Cryptologic Research.

name of conference

• Advances in Cryptology - EUROCRYPT 2014 - 33rd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Copenhagen, Denmark, May 11-15, 2014. Proceedings

authors

• Garay, Juan

published proceedings

• Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

author list (cited authors)

• Garay, J. A., Ishai, Y., Kumaresan, R., & Wee, H.

citation count

• 16

complete list of authors

• Garay, Juan A||Ishai, Yuval||Kumaresan, Ranjit||Wee, Hoeteck

publication date

• January 2014

publisher

• Springer Nature  Publisher

published in

• Lecture Notes in Artificial Intelligence  Journal

keywords

• Clinical Research

Digital Object Identifier (DOI)

• 10.1007/978-3-642-55220-5_37

International Standard Book Number (ISBN) 13

• 9783642552199

start page

• 677

end page

• 694

volume

• 8441

URL

• http://dx.doi.org/10.1007/978-3-642-55220-5_37