At Crypto 2000,Boneh and Naor first introduced the timed commitment scheme , whose commitments are secure against parallel attacks while ensuring the possibility of forced opening. There are many important applications for the timed commitment scheme, such as fair exchange protocol, fair multi-party secure computation and fair multi-party coin-flipping. However, the plain Boneh-Naor's construction is very expensive, it needs a lot of computation and bandwidth in each commitment. In the paper, based on Pedersen commitment scheme, generalized Blum-Blum-Shub assumption and master timelines techniques, we construct an efficient timed commitment scheme. The master time-line of new scheme is generated in the setup step, and can be reused. Compared to Boneh-Naor's construction, we lower the session costs of existing timed applications. Furthermore, our commitment scheme has another important property: homomorphism.%Boneh和Naor在2000年美密会上提出了时控承诺机制,它能抵抗并行暴力攻击,且保留了强制打开承诺值的可能性.之后,时控承诺机制在密码学许多领域得到了大量应用,例如公平交换协议、公平多方安全计算及公平多方抛币协议.然而,在Boneh-Naor方案中,每次承诺均需要大量的模幂运算和网络带宽,效率很低.本文基于Pedersen承诺机制、GBBS假设和主时间线元素组技术,构造了一种高效的同态时控承诺方案.新方案中主时间线元素组仅在初始化阶段进行一次运算与证明,极大地节省了每次承诺的计算时间和网络带宽.其次,相比于其它方案,新方案具有另一重要特性:同态性.
展开▼
