Summary: | We address the problem of efficiently verifying a commitment in
a two-party computation. This addresses the scenario where a
party P1 commits to a value 𝑥 to be used in a subsequent secure
computation with another party P2 that wants to receive assurance
that P1 did not cheat, i.e. that 𝑥 was indeed the value inputted into
the secure computation. Our constructions operate in the publicly
verifiable covert (PVC) security model, which is a relaxation of the
malicious model of MPC appropriate in settings where P1 faces a
reputational harm if caught cheating.
We introduce the notion of PVC commitment scheme and indexed hash functions to build commitments schemes tailored to
the PVC framework, and propose constructions for both arithmetic
and Boolean circuits that result in very efficient circuits. From a
practical standpoint, our constructions for Boolean circuits are 60×
faster to evaluate securely, and use 36× less communication than
baseline methods based on hashing. Moreover, we show that our
constructions are tight in terms of required non-linear operations,
by proving lower bounds on the nonlinear gate count of commitment verification circuits. Finally, we present a technique to amplify
the security properties of our constructions that allows to efficiently
recover malicious guarantees with statistical security
|