Pedersen Commitments

This document provides a comprehensive technical overview of Pedersen commitments used in the Roru Protocol.

Overview

What Are Pedersen Commitments

Pedersen commitments are cryptographic commitments that allow committing to a value while keeping it hidden, with the ability to prove properties about the committed value.

Properties

Hiding: The commitment doesn't reveal the committed value.

Binding: Cannot change the committed value without changing the commitment.

Additive Homomorphism: Can add commitments to add values.

Mathematical Foundation

Commitment Formula

Basic Formula:

C = v*G + r*H

Where:

• C = Commitment (point on curve)

• v = Value (scalar)

• r = Randomness (scalar)

• G, H = Base points (on elliptic curve)

Curve

Curve Used: BLS12-381

Properties:

• 128-bit security

• Efficient operations

• Pairing-friendly

Implementation

Commitment Generation

Code:

fn commit(value: u64, randomness: Scalar) -> Commitment {
    let value_point = value * G;
    let randomness_point = randomness * H;
    value_point + randomness_point
}

Commitment Verification

Verification:

• Verify point is on curve

• Verify commitment format

• Cannot verify value without opening

Security Properties

Hiding Property

Definition: Given commitment C, computationally infeasible to determine v.

Security: Based on discrete logarithm problem.

Binding Property

Definition: Cannot find two different (v, r) pairs producing same C.

Security: Based on discrete logarithm problem.

Homomorphic Properties

Additive Homomorphism

Property:

Commit(v1, r1) + Commit(v2, r2) = Commit(v1 + v2, r1 + r2)

Application: Efficient balance verification.

Conclusion

Pedersen commitments provide:

• Privacy: Hiding property

• Security: Binding property

• Efficiency: Homomorphic operations

• Flexibility: Various applications

• Proven Security: Cryptographic guarantees