Fast Non-Malleable Commitments

The notion of non-malleability in cryptography refers to the setting where the adversary is a man-in-the-middle (MIM) who takes part in two or more protocol executions and tries to use information obtained in one, to violate the security of another. Despite two decades of research, non-malleable commitments (NMCs) have remained too inefficient to be implemented in practice, without some sort of trusted setup. In this work, we give a fast implementation of NMC in the plain model, based on the DDH assumption being hard over elliptic curve groups. Our main theoretical result is a new NMC scheme which can be thought of as a "high dimensional" generalization of the one in the recent work of [GRRV14]. Central to our efficiency improvements is a method of constraining challenges sent by the receiver. This new approach enables us to obtain dramatically improved parameters over those suggested in [GRRV14]. In particular, our work opens the door to implementations based on Elliptic Curves. Our prototype implementation gives evidence of our protocol's efficiency. Additionally, like the Elgamal commitment it is built on top of, our scheme allows for homomrphic operations on committed values, and is amenable to fast Schnorr proofs of knowledge. Thus, it will work well when used as a building block inside larger cryptographic protocols. As an example of its performance, our protocol allows a committer to commit to a 1.9-KB message using a scheme supporting 2 20 identities in less than one second.