Adaptively Secure Non-Interactive Commitment Scheme Sample Clauses

Adaptively Secure Non-Interactive Commitment Scheme. An adaptively secure non-interactive commitment scheme consists of the following algorithms: ← – crs Gen(1κ): Takes in a security parameter κ, and generates a common reference string crs. ← – C com(crs, v, ρ): Takes in crs, a value v, and a random string ρ, and outputs a committed value C. ← – b ver(crs, C, v, ρ): Takes in a crs, a commitment C, a purported opening (v, ρ), and outputs 0 (reject) or 1 (accept). Σ ← A Σ ≈ Computationally hiding under selective opening. We say that a commit- ment scheme (Gen, com, ver) is computationally hiding under selective opening, iff there exists a probabilistic polynomial time algorithms (Gen0, com0, Explain) such that Σ Σ Pr crs Gen(1κ), Real(crs,·)(crs) = 1 Pr (crs0, τ0) ← ▇▇▇▇(▇▇), ▇▇▇▇▇▇(▇▇▇▇ ,▇▇ ,·)(crs0) = 1 , where Real(crs, v) runs the honest algorithm com(crs, v, r) with randomness r and obtains the commitment C, it then outputs (C, r); Ideal(crs0, τ0, v) runs the simulated algorithm C ← comm0(crs0, τ0, ρ) with randomness ρ and without v, and then runs r ← Explain(crs0, τ0, v, ρ) and outputs (C, r). Perfectly binding. A commitment scheme is said to be perfectly binding iff for every crs in the support of the honest CRS generation algorithm, there does not exist (v, ρ) ƒ= (vj, ρj) such that com(crs, v, ρ) = ▇▇▇(▇▇▇, ▇▇, ▇▇). Theorem 3 (Instantiation of our NIZK and commitment schemes [17]). Assume standard bilinear group assumptions7. Then, there exists a proof system that satisfies perfect completeness, non-erasure computational zero-knowledge, and perfect knowledge extraction. Further, there exist a commitment scheme that is perfectly binding and computationally hiding under selective opening.