Dragonfall
Can any public-key cryptosystem be turned into a bit-commitment scheme? For example, if I encrypt a bit using my public key and send it to Bob, how can I cheat?
A commitment scheme can either be perfectly binding (it is impossible for Alice to alter her commitment after she has made it, even if she has unbounded computational resources) or perfectly concealing (it is impossible for Bob to find out the commitment without Alice revealing it, even if he has unbounded computational resources) but not both.
"Bit-commitment" refers to a cryptographic protocol where a party commits to a certain value (usually a bit, meaning either 0 or 1) without revealing the actual value until a later point. This is achieved using public-key encryption, where the committing party encrypts the value using the receiver's public key. The receiver cannot decrypt the value until the committing party reveals the corresponding private key.
The protocol typically involves two steps: commitment and unveiling. In the commitment step, the committing party encrypts the desired value using the receiver's public key, creating a ciphertext. In the unveiling step, the committing party reveals the corresponding private key, allowing the receiver to decrypt the ciphertext and obtain the committed value. This ensures that the committing party cannot change the value after it has been committed.
One advantage is that it allows for secure communication over an insecure channel, as the committed value cannot be tampered with or changed by the committing party. It also allows for non-repudiation, meaning the committing party cannot deny committing to a certain value. Additionally, it can be used in various applications such as secure voting, electronic lotteries, and secure auctions.
One limitation is that it relies on the security of the underlying public-key encryption scheme. If the encryption scheme is broken, the committed value can be decrypted and potentially changed by an attacker. Additionally, if the committing party does not reveal the private key, the receiver will not be able to obtain the committed value.
"Bit-commitment based on public-key encryption" differs from other protocols in that it uses public-key encryption to achieve commitment, rather than other cryptographic primitives such as hash functions or symmetric encryption. This makes it more secure against certain attacks, such as a malicious receiver trying to guess the committed value. It also allows for more flexibility in the unveiling step, as the committed value can be revealed using the corresponding private key at any time.
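The setting in the opening question (Alice encrypts a bit under her own public key and sends the ciphertext to Bob) can be made concrete with ElGamal. This is an added example, not code from the thread. It assumes a randomized scheme where the opening is the pair (bit, randomness) and Bob re-encrypts to check it; the group parameters are a toy choice and all function names are hypothetical. Binding here is unconditional, while hiding rests only on a hardness assumption, which is the trade-off described above.

```python
import secrets

# Toy group (assumption, far too small for real use): safe prime P = 2Q + 1,
# G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    """Alice's ElGamal key pair (x, h = G^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def encrypt(h, bit, r):
    """ElGamal encryption of G^bit under public key h with randomness r."""
    return pow(G, r, P), (pow(G, bit, P) * pow(h, r, P)) % P

def commit(h, bit):
    """Commitment = ciphertext; Alice keeps (bit, r) as the opening."""
    r = secrets.randbelow(Q)
    return encrypt(h, bit, r), r

def verify(h, c, bit, r):
    """Bob's check at reveal time: validate the key, then re-encrypt."""
    if not (1 < h < P and pow(h, Q, P) == 1):   # h must lie in the subgroup
        return False
    if bit not in (0, 1) or not 0 <= r < Q:
        return False
    return encrypt(h, bit, r) == c

def decrypt(x, c):
    """Decryption with the private key recovers the one committed bit."""
    c1, c2 = c
    m = (c2 * pow(c1, Q - x, P)) % P            # c2 / c1^x
    return 0 if m == 1 else 1

def other_openings(h, c, bit):
    """Exhaustive search (feasible only in the toy group) for any r that
    would open c to the opposite bit. Binding means this list is empty."""
    return [r for r in range(Q) if encrypt(h, 1 - bit, r) == c]

def demo(bit=1):
    """Returns (honest opening accepted, flipped bit accepted,
    alternative openings found, bit recovered by decryption)."""
    x, h = keygen()
    c, r = commit(h, bit)
    return (verify(h, c, bit, r), verify(h, c, 1 - bit, r),
            other_openings(h, c, bit), decrypt(x, c))
```

The first ciphertext component fixes `r` and the second then fixes `G^bit`, so no second opening exists once Bob has checked that `h` lies in the subgroup. Without fresh randomness `r` (a deterministic scheme), Bob could encrypt 0 and 1 himself and compare, so the commitment would not conceal anything.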