[Cryptography] Komitments
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Tue Dec 18 15:45:13 EST 2018
If I understand your scheme, Bob can later claim to have committed to a
different message.
For example, Bob has the message
s1 = The secret agent is Alice
He chooses some random r1 and computes and publishes w = H(s1 + r1)
When it later turns out that Dave is in fact the secret agent, he takes
s2 = The secret agent is David
and publishes s2 and r2 = s1 + r1 - s2. Since H(s2 + r2) = w = H(s1 +
r1), Bob can thus "prove" that he knew that Dave had been the secret
agent all along.
Did I misunderstand something?
You could perhaps save your scheme by using concatenation instead of
addition. That looks as if it could work.
Cheers
Stephan
More information about the cryptography
mailing list