Black-Box Anonymous Commit-and-Prove

Commit-and-prove is a building block that allows a party to commit to a secret input and then later prove something about it. This is a pillar of many cryptographic protocols and especially the ones underlying anonymous systems. In anonymous systems, often there is a set of public commitments, and a prover wants to prove a property about one of the inputs committed in the set, while hiding which one. This latter property gives the prover anonymity within the set. Currently, there are numerous commit-and-prove protocols in the anonymous setting from various computational and setup assumptions. However, all such approaches are non-black-box in the cryptographic primitive. In fact, there exists no anonymous black-box construction of commit-and-prove protocols, under any computational or setup assumption. This is despite the fact that, when anonymity is not required, blackbox commit-and-prove protocols are well known. Is this inherent in the anonymous setting? In this paper we provide a partial answer to the above question by constructing the first (one-time) black-box commit-and-prove protocol in the anonymous setting. We do so by first introducing a new primitive that we call Partially Openable Commitment (POC), and instantiating it in a black-box way from a Random Oracle. Next we show a black-box commit-and-prove protocol based on POC. From a theoretical standpoint, our result reduces the gap between known black-box feasibility results in the non-anonymous setting and the anonymous setting. From a practical standpoint, we show that our protocol can be very efficient for certain relations of interest.