# [Resource Topic] 2019/1151: Non-Committing Encryption with Quasi-Optimal Ciphertext-Rate Based on the DDH Problem

Welcome to the resource topic for 2019/1151

Title:
Non-Committing Encryption with Quasi-Optimal Ciphertext-Rate Based on the DDH Problem

Authors: Yusuke Yoshida, Fuyuki Kitagawa, Keisuke Tanaka

Abstract:

Non-committing encryption (NCE) was introduced by Canetti et al. (STOC ‘96). Informally, an encryption scheme is non-committing if it can generate a dummy ciphertext that is indistinguishable from a real one. The dummy ciphertext can be opened to any message later by producing a secret key and an encryption random coin which explain’’ the ciphertext as an encryption of the message. Canetti et al. showed that NCE is a central tool to achieve multi-party computation protocols secure in the adaptive setting. An important measure of the efficiently of NCE is the ciphertext rate, that is the ciphertext length divided by the message length, and previous works studying NCE have focused on constructing NCE schemes with better ciphertext rates. We propose an NCE scheme satisfying the ciphertext rate \mathcal{O}(\log \lambda) based on the decisional Diffie-Hellman (DDH) problem, where \lambda is the security parameter. The proposed construction achieves the best ciphertext rate among existing constructions proposed in the plain model, that is, the model without using common reference strings. Previously to our work, an NCE scheme with the best ciphertext rate based on the DDH problem was the one proposed by Choi et al.~(ASIACRYPT '09) that has ciphertext rate \mathcal{O}(\lambda). Our construction of NCE is similar in spirit to that of the recent construction of the trapdoor function proposed by Garg and Hajiabadi (CRYPTO '18).

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.