Organizer: Prof. Johannes Buchmann, Moritz Horsch
Cryptographic commitments are either unconditionally hiding or unconditionally binding, but cannot be both. As a consequence, the security of commonly used commitment schemes is threatened in the long-term, when adversaries become computationally much more powerful. We improve over this situation by putting forward a new notion of commitment schemes, so called long-term commitment schemes. These schemes allow for long-term protection because they allow to adjust the protection level after the initial commitment. We also present a construction of a long-term commitment scheme. Unfortunately, it seems impossible to prove the security of such a scheme using the traditional commitment binding definition. Therefore, we put forward a new notion of binding commitments, so called extractable-binding commitments, and use this notion to establish a security proof for our proposed long-term commitment scheme.