Improved Non-Committing Encryption Schemes based on a General Complexity Assumption

  • Ivan B. Damgård
  • Jesper Buus Nielsen


Non-committing encryption enables the construction of multiparty computation protocols secure against an adaptive adversary in the computational setting where private channels between players are not assumed. While any non-committing encryption scheme must be secure in the ordinary semantic sense, the converse is not necessarily true. We propose a construction of non-committing encryption that can be based on any public key system which is secure in the ordinary sense and which has an extra property we call simulatability. The construction contains an earlier proposed scheme by Beaver based on the Die-Hellman problem as a special case, and we propose another implementation based on RSA. In a more general setting, our construction can be based on any collection of trapdoor one-way permutations
with a certain simulatability property. This offers a considerable efficiency
improvement over the first non-committing encryption scheme proposed by
Canetti et al. Finally, at some loss of efficiency, our scheme can be based on general collections of trapdoor one-way permutations without the simulatability assumption, and without the common domain assumption of Canetti et al.
How to Cite
Damgård, I., & Nielsen, J. (2000). Improved Non-Committing Encryption Schemes based on a General Complexity Assumption. BRICS Report Series, 7(6).