Lattice-Based Commitment Scheme for Low Communication Costs

Commitment schemes are cryptographic schemes that can be applied to zero-knowledge proof construction and blockchain construction. Recently, lattice-based cryptography has been intensively investigated due to the promising potential in quantum cryptography. Accordingly, commitment schemes based on lattice assumptions have been studied for practical applications. Notably, applications often require committing an arbitrary message with low communication costs, so commitment schemes must be satisfied with fewer length restrictions and fewer extensions to the messages. Several studies have been conducted to achieve the problem, including the study published by Baum et al. in 2018. However, the output length of their scheme is large in relation to the input length. We design a length-extension-free commitment scheme Com(MWM) in which the length of the message string is large relative to the length of the commitment string, improving on the commitment scheme of Baum et al. Furthermore, we prove that the hiding and binding properties of Com(MWM) are based on the hardness of the decisional search knapsack problem and extended search knapsack problems, respectively. Finally, we evaluate the computation costs of generating commitment value between ours and Baum et al.'s commitment scheme.