IACR News item: 23 January 2015
Brett Hemenway, Rafail Ostrovsky, Alon Rosen
ePrint Reportparticipants as the protocol proceeds. This is in contrast to the static corruption model where the adversary is forced to choose which participants
to corrupt before the protocol begins.
A central tool for constructing adaptively secure protocols is non-committing encryption (Canetti, Feige, Goldreich and Naor, STOC \'96). The
original protocol of Canetti et al. had ciphertext expansion that was quadratic in the security parameter, and prior to this work, the
best known constructions had ciphertext expansion that was linear in the security parameter.
In this work, we present the first non-committing encryption scheme that achieves ciphertext expansion that is logarithmic in the message length.
Our construction has optimal round complexity (2-rounds), where (just as in all previous constructions) the first message consists of a public-key
of size $\\tilde{\\bigoh}(n \\secpar)$ where $n$ is the message length and $\\secpar$ is the security parameter. The second message consists
of a ciphertext of size $\\bigoh( n \\log n + \\secpar )$. The security of our scheme is proved based on the $\\Phi$-hiding problem.
Additional news items may be found on the IACR news page.