International Association for Cryptologic Research

International Association
for Cryptologic Research


Paper: Universally Composable Commitments

Ran Canetti
Marc Fischlin
Search ePrint
Search Google
Abstract: We propose a new security measure for commitment protocols, called /universally composable/ (UC) Commitment. The measure guarantees that commitment protocols behave like an "ideal commitment service," even when concurrently composed with an arbitrary set of protocols. This is a strong guarantee: it implies that security is maintained even when an unbounded number of copies of the scheme are running concurrently, it implies non-malleability (not only with respect to other copies of the same protocol but even with respect to other protocols), it provides resilience to selective decommitment, and more. Unfortunately two-party UC commitment protocols do not exist in the plain model. However, we construct two-party UC commitment protocols, based on general complexity assumptions, in the /common reference string model/ where all parties have access to a common string taken from a predetermined distribution. The protocols are non-interactive, in the sense that both the commitment and the opening phases consist of a single message from the committer to the receiver.
  title={Universally Composable Commitments},
  booktitle={IACR Eprint archive},
  keywords={foundations / commitment schemes, concurrent composition,},
  note={extended abstract appears in Proceedings of Crypto 2001 11513 received 10 Jul 2001},
  author={Ran Canetti and Marc Fischlin},