Jump to content

Commitment scheme

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Imran (talk | contribs) at 00:05, 23 January 2004. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

A commitment scheme is a method by which you can make a verifiable commitment without revealing what the commitment is.

They are commonly used in electronic cash, electronic voting and online games.

A simple commitment scheme is the following, if b is the your commitment generate a large random number r and publish cryptographic hash of b concatatanated with r. Then when you to reveal your commitment you publish b and r thus letting any third party recalculate the hash and compare it with your published hash to make sure you didn't cheat.

A commitment scheme can be either perfectly binding (it is theoretically impossible for you to alter your commitment after you have made it) or perfectly concealing (it is theoretically impossible for a third party to find out your commitment) but not both.

Perfectly binding scheme

Choose a group of prime order p, and let its generator be x.

Pick a value b from 0 to p-1 to commit to and calculate c=x^b and publish c. To reveal the commitment publish b.

This method isn't perfectly concealing as someone could find the commitment by solving the discrete logarithm problem c=x^b.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Commitment_scheme&oldid=2927752"