Published on: 2017-02-23T02:56:35+00:00
Peter Todd suggests that a commitment scheme should ensure that two messages cannot map to the same commitment, rather than focusing on the difficulty of finding the message given the commitment. Additionally, he mentions that commitments do not need to be of the same size and proposes a scheme where the commitment to short messages is the message itself, with only one additional bit of data added to the minimum serialized size of the commitment.However, in order to maintain uniform size for all values, two bits of security need to be sacrificed to allow for four values: terminal, middle, empty, and invalid. For a set containing a single value, the root would be that value with the two high order bits of the first byte reset to the appropriate value.In the bitcoin-dev discussion, Bram Cohen introduces the concept of 'generalized commitment' as a use-case specific approach to reduce hashing requirements. The proposal suggests that when one side of a node is empty and the other contains exactly two things, the secure hash of the child is adopted without rehashing it. This can potentially halve the amount of hashing done and increase resistance to malicious data, although it does introduce extra complexity.Cohen emphasizes that a commitment scheme only needs to ensure that two messages cannot map to the same commitment, without requiring difficulty in finding the message given the commitment. He believes that designing a scheme where the commitment to short messages is the message itself, with just one additional bit of data, could lead to overall savings, especially for situations where sub-digest-sized messages are common.Furthermore, Cohen highlights that this approach also enhances user-friendliness because programmers will be able to notice when a commitment is not effectively hiding the message. However, if message privacy is essential, an explicit nonce should be implemented instead of relying solely on the data being non-brute-forcible.Finally, Cohen mentions his increasing consideration of bit-granularity serialization schemes for these types of systems, suggesting a potential direction for future development.
Updated on: 2023-08-01T19:37:07.603099+00:00