Results 1 
2 of
2
Multitrapdoor commitments and their applications to proofs of knowledge secure under concurrent maninthemiddle attacks (Extended Abstract)
 IN CRYPTO
, 2004
"... We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoor commitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, one based on the Strong RSA Assumption and the other on the Strong DiffieHellman Assumption. The ..."
Abstract

Cited by 30 (2 self)
 Add to MetaCart
(Show Context)
We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoor commitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, one based on the Strong RSA Assumption and the other on the Strong DiffieHellman Assumption. The main application of our new notion is the construction of a compiler that takes any proof of knowledge and transforms it into one which is secure against a concurrent maninthemiddle attack (in the common reference string model). When using our specific implementations, this compiler is very efficient (requires no more than four exponentiations) and maintains the round complexity of the original proof of knowledge. The main practical applications of our results are concurrently secure identification protocols. For these applications our results are the first simple and efficient solutions based on the Strong RSA or DiffieHellman Assumption.
Multitrapdoor Commitments and their Applications to NonMalleable Protocols*
, 2004
"... Abstract We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoorcommitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, based on the Strong RSA Assumption and the recently introduced StrongDiffieHellman Assumpt ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract We introduce the notion of multitrapdoor commitments which is a stronger form of trapdoorcommitment schemes. We then construct two very efficient instantiations of multitrapdoor commitment schemes, based on the Strong RSA Assumption and the recently introduced StrongDiffieHellman Assumption. The main applications of our result are nonmalleable trapdoor commtiments and a compilerthat takes any proof of knowledge and transforms it into one which is secure against a concurrent maninthemiddle attack. Such a proof of knowledge immediately yields concurrently secureidentification protocols. When using our numbertheoretic istantiations, the nonmalleable commitment and the compiler are very efficient (require no more than four exponentiations). The latter also maintains the round complexity of the original proof of knowledge; it works in the common reference stringmodel, which in any case is necessary to prove security of proofs of knowledge under this kind of attacks. Compared to previously known efficient solutions, ours is a factor of two faster. 1 Introduction A commitment scheme is the cryptographic equivalent of an envelope. Consider the classic example of sealed bid auctions. Parties who want to bid on an item, place their bids in an envelope, in order to maintain secrecy until the end of the bidding period. At that time all bids are revealed by opening the envelopes, which in particular means that parties cannot alter bids at this point. A commitment scheme plays the role of the envelope: it's a cryptographic protocol composed of two phases: the committing phase and the opening phase. At the end of the first phase, a sender has committed to a message which however remains secret; in the opening phase the sender can only reveal that fixed message.