Author: Bram Cohen 2017-02-23 02:56:35
Published on: 2017-02-23T02:56:35+00:00
In an email discussion, Peter Todd explains that a commitment scheme only needs to ensure that it's not possible to find two messages that map to the same commitment, and it is not required that it be difficult to find the message given the commitment. He also notes that commitments do not need to always be the same size. As a result, he suggests designing a scheme where the commitment to short messages is the message itself, adding just a single bit of data to the minimum serialized size of the commitment. However, sacrifices must be made for all values to be the same size, resulting in sacrificing two bits of security to allow for four values: terminal, middle, empty, and invalid. The root of a set containing a single value is just that value with the two high order bits of the first byte reset to the appropriate value.
Updated on: 2023-06-11T21:46:14.614322+00:00