Lattice-Based Key-Value Commitment Scheme with Key-Binding and Key-Hiding Properties

Abstract

Blockchain plays an important role in distributed file systems, such as cryptocurrency. One of the important building blocks of blockchain is the key-value commitment scheme, which constructs a commitment value from two inputs: a key and a value. In an ordinal commitment scheme, a single user creates a commitment value from an input value, whereas, in a key-value commitment scheme, multiple users create a commitment value from their own key and value. Both commitment schemes need to satisfy both binding and hiding properties. The concept of a key-value commitment scheme was first proposed by Agrawal et al. in 2020 using the strong RSA assumption. They also proved its key-binding property of their key-value commitment scheme. However, the key-hiding property was not yet proved. The key-hiding property was then proposed by Campaneli et al. in 2022. In this paper, we propose two lattice-based key-value commitment schemes, \(\textsf{Insert}\text {-}\textsf{KVC}_{m/2,n,q,\beta }\), and \(\textsf{KVC}_{m,n,q,\beta }\). Furthermore, we prove the key-binding and key-hiding of both lattice-based \(\textsf{Insert}\text {-}\textsf{KVC}_{m/2,n,q,\beta }\) and \(\textsf{KVC}_{m,n,q,\beta }\) for the first time. We prove the key-binding of both \(\textsf{Insert}\text {-}\textsf{KVC}_{m/2,n,q,\beta }\) and \(\textsf{KVC}_{m,n,q,\beta }\) based on the short integer solutions (\(\textsf{SIS}^\infty _{n,m,q,\beta }\)) problem. Furthermore, we prove key-hiding of both \(\textsf{Insert}\text {-}\textsf{KVC}_{m/2,n,q,\beta }\) and \(\textsf{KVC}_{m,n,q,\beta }\) based on the Decisional-\(\textsf{SIS}^\infty _{n,m,q,\beta }\) form problem, which we first introduced in this paper. We also discuss the difficulty of the Decisional-\(\textsf{SIS}^\infty _{n,m,q,\beta }\) form problem.