Non-committing encryption (NCE) was introduced in order to implement secure channels under adaptive corruptions in situations when data erasures are not trustworthy. In this paper we are interested in the rate of NCE, i.e. in how many bits the sender and receiver need to send per plaintext bit. In initial constructions the length of both the receiver message, namely the public key, and the sender message, namely the ciphertext, is m · poly(λ) for an m-bit message, where λ is the security parameter. Subsequent work improve efficiency significantly, achieving rate poly log(λ). We show the first construction of a constant-rate NCE. In fact, our scheme has rate 1 + o(1), which is comparable to the rate of plain semantically secure encryption. Our scheme operates in the common reference string (CRS) model. Our CRS has size poly(m · λ), but it is reusable for an arbitrary polynomial number of m-bit messages. In addition, ours is the first NCE construction with perfect correctness. We assume one way functions and indistinguishability obfuscation for circuits.
展开▼