Non-committing encryption (NCE) introduced by Canetti et al. (STOC '96) is a central tool to achieve multi-party computation protocols secure in the adaptive setting. Recently, Yoshida et al. (ASI-ACRYPT'19) proposed an NCE scheme based on the hardness of the DDH problem, which has ciphertext expansion O(log λ) and public-key expansion O(λ~2). In this work, we improve their result and propose a methodology to construct an NCE scheme that achieves constant ciphertext expansion. Our methodology can be instantiated from the DDH assumption and the LWE assumption. When instantiated from the LWE assumption, the public-key expansion is λ · poly(log λ). They are the first NCE schemes satisfying constant ciphertext expansion without using iO or common reference strings. Along the way, we define a weak notion of NCE, which satisfies only weak forms of correctness and security. We show how to amplify such a weak NCE scheme into a full-ffedged one using wiretap codes with a new security property.
展开▼