Erasable Bit Commitment from Temporary Quantum Trust

TL;DR

This paper introduces erasable bit commitment, a cryptographic primitive enabled by temporarily trusted third parties, allowing Alice to erase her commitment post-protocol, enhancing security in scenarios with limited trust guarantees.

Contribution

It presents the first protocol for erasable bit commitment using a constant number of trusted third parties with robustness against some corruptions and errors.

Findings

Protocol achieves erasable bit commitment with constant trusted parties.

Ensures no information leakage to third parties about the commitment.

Supports a small number of corrupt trusted parties and implementation errors.

Abstract

We introduce a new setting for two-party cryptography with temporarily trusted third parties. In addition to Alice and Bob in this setting, there are additional third parties, which Alice and Bob both trust to be honest during the protocol. However, once the protocol concludes, there is no guarantee over the behaviour of these third parties. It is possible that they collaborate and act adversarially. Our goal is to use these third parties to facilitate protocols which are impossible in two-party cryptography. We implement a variant of bit commitment in this setting, which we call erasable bit commitment. In this primitive, Alice has the choice of either opening or erasing her commitment after the commit phase. The ability to ask for an erasure allows Alice to ask the trusted parties to erase her commitment in case the trust period is about to expire. This erasure prevents a future coalition of the third parties and Bob from extracting any information about the commitment. However, this ability also makes erasable bit commitment weaker than the standard version of bit commitment. In addition to satisfying the security requirements of bit commitment, our protocol also does not reveal any information about the commitment to the third parties. Lastly, our protocol for this primitive requires a constant number of trusted third parties and can tolerate a small number of corrupt trusted parties as well as implementation errors.