[Resource Topic] 2019/1065: Subversion-Resistant Commitment Schemes: Definitions and Constructions

Welcome to the resource topic for 2019/1065

Subversion-Resistant Commitment Schemes: Definitions and Constructions

Authors: Karim Baghery


A commitment scheme allows a committer to create a commitment to a secret value, and later may open and reveal the secret value in a verifiable manner. In the common reference string model, (equivocal) commitment schemes require a setup phase which is supposed to be done by a third trusted party. Recently, various news is reported about the subversion of \textit{trusted} setup phase in mass-surveillance activities; strictly speaking about commitment schemes, recently it was discovered that the SwissPost-Scytl mix-net uses a trapdoor commitment scheme, that allows undetectably altering the votes and breaking users’ privacy, given the trapdoor [Hae19, LPT19]. Motivated by such news and recent studies on subversion-resistance of various cryptographic primitives, this research studies the security of commitment schemes in the presence of a maliciously chosen commitment key. To attain a clear understanding of achievable security, we define a variety of current definitions called subversion hiding, subversion equivocality, and subversion binding. Then we provide both negative and positive results on constructing subversion-resistant commitment schemes, by showing that some combinations of notions are not compatible while presenting subversion-resistant constructions that can achieve other combinations.

ePrint: https://eprint.iacr.org/2019/1065

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .