What does “constant rate” mean in universal composable commitment scheme?












3












$begingroup$


I'm wondering what does the "constant rate" mean in universal composable commitment scheme? I have known the rate of a commitment scheme is message length divided by the communication complexity of the scheme. What's the "constant" mean here? Must the constant be a number less than 1?






commitments







share|improve this question









$endgroup$












  • $begingroup$
    Can you please post a reference to a paper or something where you encountered this term?
    $endgroup$
    – SEJPM
    Dec 18 '18 at 17:21
















3












$begingroup$


I'm wondering what does the "constant rate" mean in universal composable commitment scheme? I have known the rate of a commitment scheme is message length divided by the communication complexity of the scheme. What's the "constant" mean here? Must the constant be a number less than 1?






commitments







share|improve this question









$endgroup$












  • $begingroup$
    Can you please post a reference to a paper or something where you encountered this term?
    $endgroup$
    – SEJPM
    Dec 18 '18 at 17:21














3












3








3





$begingroup$


I'm wondering what does the "constant rate" mean in universal composable commitment scheme? I have known the rate of a commitment scheme is message length divided by the communication complexity of the scheme. What's the "constant" mean here? Must the constant be a number less than 1?






commitments







share|improve this question









$endgroup$




I'm wondering what does the "constant rate" mean in universal composable commitment scheme? I have known the rate of a commitment scheme is message length divided by the communication complexity of the scheme. What's the "constant" mean here? Must the constant be a number less than 1?






commitments




commitments






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 18 '18 at 17:14









CryptoLoverCryptoLover

402212




402212












  • $begingroup$
    Can you please post a reference to a paper or something where you encountered this term?
    $endgroup$
    – SEJPM
    Dec 18 '18 at 17:21


















  • $begingroup$
    Can you please post a reference to a paper or something where you encountered this term?
    $endgroup$
    – SEJPM
    Dec 18 '18 at 17:21
















$begingroup$
Can you please post a reference to a paper or something where you encountered this term?
$endgroup$
– SEJPM
Dec 18 '18 at 17:21




$begingroup$
Can you please post a reference to a paper or something where you encountered this term?
$endgroup$
– SEJPM
Dec 18 '18 at 17:21










1 Answer
1






active

oldest

votes


















4












$begingroup$

Constant rate in general means that the overhead from a non-secure method is constant. So, in a simple way, if I am committing to an $ell$-bit message, then the size of the commitment is $O(ell)$. In some cases, however, one also allows an additive factor that is independent of the message size. Thus, for example, it could be that to commit to a message of size $ell$ the amount is $O(ell)+{rm poly}(n)$, where $n$ is the security parameter.



Note that typically these are measured in an amortized manner. So, you have to send many commitments (or a long message) for it to be true. But, again, this depends on the exact scheme, so you'll have to read the details.






share|improve this answer









$endgroup$













  • $begingroup$
    Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
    $endgroup$
    – CryptoLover
    Jan 10 at 16:50










  • $begingroup$
    Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
    $endgroup$
    – Yehuda Lindell
    Jan 11 at 1:23











Your Answer





StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "281"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f65963%2fwhat-does-constant-rate-mean-in-universal-composable-commitment-scheme%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4












$begingroup$

Constant rate in general means that the overhead from a non-secure method is constant. So, in a simple way, if I am committing to an $ell$-bit message, then the size of the commitment is $O(ell)$. In some cases, however, one also allows an additive factor that is independent of the message size. Thus, for example, it could be that to commit to a message of size $ell$ the amount is $O(ell)+{rm poly}(n)$, where $n$ is the security parameter.



Note that typically these are measured in an amortized manner. So, you have to send many commitments (or a long message) for it to be true. But, again, this depends on the exact scheme, so you'll have to read the details.






share|improve this answer









$endgroup$













  • $begingroup$
    Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
    $endgroup$
    – CryptoLover
    Jan 10 at 16:50










  • $begingroup$
    Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
    $endgroup$
    – Yehuda Lindell
    Jan 11 at 1:23
















4












$begingroup$

Constant rate in general means that the overhead from a non-secure method is constant. So, in a simple way, if I am committing to an $ell$-bit message, then the size of the commitment is $O(ell)$. In some cases, however, one also allows an additive factor that is independent of the message size. Thus, for example, it could be that to commit to a message of size $ell$ the amount is $O(ell)+{rm poly}(n)$, where $n$ is the security parameter.



Note that typically these are measured in an amortized manner. So, you have to send many commitments (or a long message) for it to be true. But, again, this depends on the exact scheme, so you'll have to read the details.






share|improve this answer









$endgroup$













  • $begingroup$
    Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
    $endgroup$
    – CryptoLover
    Jan 10 at 16:50










  • $begingroup$
    Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
    $endgroup$
    – Yehuda Lindell
    Jan 11 at 1:23














4












4








4





$begingroup$

Constant rate in general means that the overhead from a non-secure method is constant. So, in a simple way, if I am committing to an $ell$-bit message, then the size of the commitment is $O(ell)$. In some cases, however, one also allows an additive factor that is independent of the message size. Thus, for example, it could be that to commit to a message of size $ell$ the amount is $O(ell)+{rm poly}(n)$, where $n$ is the security parameter.



Note that typically these are measured in an amortized manner. So, you have to send many commitments (or a long message) for it to be true. But, again, this depends on the exact scheme, so you'll have to read the details.






share|improve this answer









$endgroup$



Constant rate in general means that the overhead from a non-secure method is constant. So, in a simple way, if I am committing to an $ell$-bit message, then the size of the commitment is $O(ell)$. In some cases, however, one also allows an additive factor that is independent of the message size. Thus, for example, it could be that to commit to a message of size $ell$ the amount is $O(ell)+{rm poly}(n)$, where $n$ is the security parameter.



Note that typically these are measured in an amortized manner. So, you have to send many commitments (or a long message) for it to be true. But, again, this depends on the exact scheme, so you'll have to read the details.







share|improve this answer












share|improve this answer



share|improve this answer










answered Dec 18 '18 at 17:34









Yehuda LindellYehuda Lindell

18.6k3661




18.6k3661












  • $begingroup$
    Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
    $endgroup$
    – CryptoLover
    Jan 10 at 16:50










  • $begingroup$
    Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
    $endgroup$
    – Yehuda Lindell
    Jan 11 at 1:23


















  • $begingroup$
    Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
    $endgroup$
    – CryptoLover
    Jan 10 at 16:50










  • $begingroup$
    Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
    $endgroup$
    – Yehuda Lindell
    Jan 11 at 1:23
















$begingroup$
Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
$endgroup$
– CryptoLover
Jan 10 at 16:50




$begingroup$
Thanks for your answer. I have one more question: how large the size of the commitment is would be regarded as bad? For example, if the size of the commitment is O(nl) for committing l-bit message, where n is security parameter, is it bad?
$endgroup$
– CryptoLover
Jan 10 at 16:50












$begingroup$
Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
$endgroup$
– Yehuda Lindell
Jan 11 at 1:23




$begingroup$
Good or bad depends on your setting and what you want. In general, $O(ncdotell)$ is of course much worse than $O(ell)+poly(n)$, but if you want to commit to a little bit only, sometimes a simpler scheme is better.
$endgroup$
– Yehuda Lindell
Jan 11 at 1:23


















draft saved

draft discarded




















































Thanks for contributing an answer to Cryptography Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


Use MathJax to format equations. MathJax reference.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcrypto.stackexchange.com%2fquestions%2f65963%2fwhat-does-constant-rate-mean-in-universal-composable-commitment-scheme%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Сан-Квентин

Image
Сан-Квентин Местоположение Сан-Квентин, Калифорния Координаты 37°56′13″ с. ш. 122°29′20″ з. д. H G Я O L Текущий статус Действует Режим безопасности минимальный и максимальный Количество мест 3 302 Открытие Июнь 1852 Находится в ведомстве California Department of Corrections and Rehabilitation Начальник Mike Martel, начальник  Сан-Квентин на Викискладе Сан-Квентин (англ.  San Quentin ) — тюрьма, располагающаяся на 432 акрах (около 1,7 км²), на мысе Сан-Квентин, в округе Марин, штат Калифорния, США. Тюрьма штата Калифорния Сан-Квентин была открыта в июле 1852 года и является старейшей в штате. Она была построена заключёнными, которые проживали в течение строительства на тюремном судне Вабан. В Сан-Квентине отбывали наказание и мужчины, и женщины до 1934 года, когда построили женскую тюрьму в Техачапи и туда перевели всех заключённых женщин. В Сан-Квентине приводятся в исполнение смертные казни, для этого имеется газовая камера, но...
Read more

8-я гвардейская общевойсковая армия

Image
8-я гвардейская общевойсковая ордена Ленина армия Награды: Войска: РККА → Советская армия → СВ России Род войск: Формирование: 1943 Расформирование (преобразование): 1992 Предшественник: 62-я армия (1942—43) → 8-я гвардейская общевойсковая армия (1943—92) → 8-й гвардейский армейский корпус (1992—98) Боевой путь Изюм-Барвенковская операция Донбасская операция Запорожская операция Битва за Днепр Днепропетровская операция Березнеговато-Снигирёвская операция Одесская операция Люблин-Брестская операция Варшавско-Познанская операция Восточно-Померанская операция Берлинская наступательная операция У этого термина существуют и другие значения, см. 8-я армия. Фотография Гвардейского Красного Знамени (лицевая сторона) 8-й гвардейской армии , образца 1943 года. Фотография Гвардейского Красного Знамени (оборотная сторона) 8-й гвардейской армии , образца 1943 года. 8-я гвардейская общевойсковая ордена Ленина армия  — гвардейское фор...
Read more

Алькесар

Image
Муниципалитет Алькесар Alquézar Герб 42°10′16″ с. ш. 0°01′27″ в. д. H G Я O L Страна Испания   Испания Автономное сообщество Арагон Провинция Уэска Комарка Сомонтано-де-Барбастро Алькальд Хосе Марияно Альтемир Ласкорс (ИСРП) История и география Площадь 32,36 км² Высота НУМ 660 м Часовой пояс UTC+1, летом UTC+2 Население Население 313 человек ( 2010 ) Плотность 9,92 чел./км² Этнохороним alquezarano/-a Цифровые идентификаторы Телефонный код +34 974 Почтовые индексы 22112 Автомобильный код HU alquezar.org   (исп.) Показать/скрыть карты Алькесар Алькесар Алькесар  Аудио, фото и видео на Викискладе Алькесар (исп.  Alquézar ) — муниципалитет в Испании, входит в провинцию Уэска, в составе автономного сообщества Арагон. Муниципалитет находится в составе района (комарки) Сомонтано-де-Барбастро. Занимает площадь 32,36 км². Население — 321 челове...
Read more