S. Halevi, Efficient commitment with bounded sender and unbounded receiver. In D. Coppersmith, editor, Proc. Crypto `95. Lecture Notes in Computer Science, volume 963, Springer-Verlag, 1995. Pages 84--96.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....any element y 2 Z n we have Pr x2Z N i fN;s 1 (x 2 ) j 2 k = y = Pr x2Z N i fN;s 2 (x 2 ) j 2 k = y Below we give an elegant proof for Lemma 3. 3 which is due to Damgard [9] A longer proof for the same claim can be found in the preliminary version of this paper [15]. For this proof, we need to review a few facts. The first fact about the function f s;N ( Delta) was first observed by Goldreich: Fact 3.4: 12] For any integer N , any string s and any element x 2 Z N , f s;N (x) 2 2s Delta x 2 jsj , where s is the integer whose binary ....

S. Halevi, Efficient commitment with bounded sender and unbounded receiver. In D. Coppersmith, editor, Proc. Crypto `95. Lecture Notes in Computer Science, volume 963, Springer-Verlag, 1995. Pages 84--96.

....permutation pairs enables one to commit to long messages using about the same amount of local computation as in Blum s scheme, but to send only a k bit commitment string, regardless of the length of the message being committed to. Since then, this construction was used in many other works (e.g. [2, 8, 9, 10, 14]) One common problem of all these constructions is that they all rely on composite numbers of a special form (i.e. product of two primes which are both 3 mod 4) Thus they require a special initialization procedure in which these special form numbers are established. Recently, Halevi [14] ....

....9, 10, 14] One common problem of all these constructions is that they all rely on composite numbers of a special form (i.e. product of two primes which are both 3 mod 4) Thus they require a special initialization procedure in which these special form numbers are established. Recently, Halevi [14] described a method which uses the GMR construction but avoids the need for this initialization step. Several other constructions in the literature are based on the difficulty of extracting discrete logarithms. In particular, Pedersen [18] and Chaum, vanHeijst and Pfitzmann [8] described a scheme ....

[Article contains additional citation context not shown here]

S. Halevi, Efficient commitment with bounded sender and unbounded receiver. In D. Coppersmith, editor, Proc. Crypto `95. Lecture Notes in Computer Science, volume 963, Springer-Verlag, 1995. pages 84--96.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC